From 0f107851d7e071b9515a0fbd78566e55b5254115 Mon Sep 17 00:00:00 2001 From: fsl <1171313930@qq.com> Date: Thu, 13 Jul 2023 01:49:32 +0800 Subject: [PATCH 001/105] chore(deps): bump library/golang from 1.20.5 to 1.20.6 (#14480) Signed-off-by: fengshunli <1171313930@qq.com> --- Dockerfile | 4 ++-- test/container/Dockerfile | 2 +- test/remote/Dockerfile | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index dbed21ca65bad..a35ad80d18dd5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ ARG BASE_IMAGE=docker.io/library/ubuntu:22.04@sha256:ac58ff7fe25edc58bdf0067ca99 # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image # Also used as the image in CI jobs so needs all dependencies #################################################################################################### -FROM docker.io/library/golang:1.20.5@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS builder +FROM docker.io/library/golang:1.20.6@sha256:8e5a0067e6b387263a01d06b91ef1a983f90e9638564f6e25392fd2695f7ab6c AS builder RUN echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list @@ -101,7 +101,7 @@ RUN HOST_ARCH=$TARGETARCH NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OP #################################################################################################### # Argo CD Build stage which performs the actual build of Argo CD binaries #################################################################################################### -FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.20.5@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS argocd-build +FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.20.6@sha256:8e5a0067e6b387263a01d06b91ef1a983f90e9638564f6e25392fd2695f7ab6c AS argocd-build WORKDIR /go/src/github.com/argoproj/argo-cd diff --git a/test/container/Dockerfile b/test/container/Dockerfile index d6ae93e26884b..22b984dfa2633 100644 --- a/test/container/Dockerfile +++ b/test/container/Dockerfile @@ -8,7 +8,7 @@ RUN ln -s /usr/lib/$(uname -m)-linux-gnu /usr/lib/linux-gnu # Please make sure to also check the contained yarn version and update the references below when upgrading this image's version FROM docker.io/library/node:20.4.0@sha256:b3ca7d32f0c12291df6e45a914d4ee60011a3fce4a978df5e609e356a4a2cb88 as node -FROM docker.io/library/golang:1.20.5@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f as golang +FROM docker.io/library/golang:1.20.6@sha256:8e5a0067e6b387263a01d06b91ef1a983f90e9638564f6e25392fd2695f7ab6c as golang FROM docker.io/library/registry:2.8@sha256:41f413c22d6156587e2a51f3e80c09808b8c70e82be149b82b5e0196a88d49b4 as registry diff --git a/test/remote/Dockerfile b/test/remote/Dockerfile index effd69c9768af..9851825b58264 100644 --- a/test/remote/Dockerfile +++ b/test/remote/Dockerfile @@ -1,6 +1,6 @@ ARG BASE_IMAGE=docker.io/library/ubuntu:22.04 -FROM docker.io/library/golang:1.20.5@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS go +FROM docker.io/library/golang:1.20.6@sha256:8e5a0067e6b387263a01d06b91ef1a983f90e9638564f6e25392fd2695f7ab6c AS go RUN go install github.com/mattn/goreman@latest && \ go install github.com/kisielk/godepgraph@latest From 927b940c3e455028fc6d830482fee8e840b36ff9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Jul 2023 23:16:55 +0000 Subject: [PATCH 002/105] chore(deps): bump github.com/aws/aws-sdk-go from 1.44.298 to 1.44.299 (#14468) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.298 to 1.44.299. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.298...v1.44.299) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 94437d3427379..2a2db5c8a0390 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/argoproj/gitops-engine v0.7.1-0.20230607163028-425d65e07695 github.com/argoproj/notifications-engine v0.4.1-0.20230620204159-3446d4ae8520 github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 - github.com/aws/aws-sdk-go v1.44.298 + github.com/aws/aws-sdk-go v1.44.299 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.5.0 diff --git a/go.sum b/go.sum index 9c1315e2d479c..3e1ffdd2e0128 100644 --- a/go.sum +++ b/go.sum @@ -716,8 +716,8 @@ github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.298 h1:5qTxdubgV7PptZJmp/2qDwD2JL187ePL7VOxsSh1i3g= -github.com/aws/aws-sdk-go v1.44.298/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.299 h1:HVD9lU4CAFHGxleMJp95FV/sRhtg7P4miHD1v88JAQk= +github.com/aws/aws-sdk-go v1.44.299/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= From 0fd5a99f201d7b0be0a319a6f7e9cb7e9360b6ee Mon Sep 17 00:00:00 2001 From: Christian Hernandez Date: Thu, 13 Jul 2023 06:31:14 -0700 Subject: [PATCH 003/105] added instructions on how to delete a user (#14488) Signed-off-by: Christian Hernandez Co-authored-by: pasha-codefresh --- docs/operator-manual/user-management/index.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/docs/operator-manual/user-management/index.md b/docs/operator-manual/user-management/index.md index 5bac93db92d06..1b3b96cd72104 100644 --- a/docs/operator-manual/user-management/index.md +++ b/docs/operator-manual/user-management/index.md @@ -44,6 +44,24 @@ Each user might have two capabilities: * apiKey - allows generating authentication tokens for API access * login - allows to login using UI +### Delete user + +In order to delete a user, you must remove the corresponding entry defined in the `argocd-cm` ConfigMap: + +Example: + +```bash +kubectl patch -n argocd cm argocd-cm --type='json' -p='[{"op": "remove", "path": "/data/accounts.alice"}]' +``` + +It is recommended to also remove the password entry in the `argocd-secret` Secret: + +Example: + +```bash +kubectl patch -n argocd secrets argocd-secret --type='json' -p='[{"op": "remove", "path": "/data/accounts.alice.password"}]' +``` + ### Disable admin user As soon as additional users are created it is recommended to disable `admin` user: From 00917d19a92e299fa90b816d45f88e59b9bc0323 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Thu, 13 Jul 2023 10:42:39 -0400 Subject: [PATCH 004/105] chore: improve ignoreResourceUpdates logging (#14476) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: pasha-codefresh --- controller/appcontroller.go | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/controller/appcontroller.go b/controller/appcontroller.go index d6690e4c93e54..45f1b0d4e9e90 100644 --- a/controller/appcontroller.go +++ b/controller/appcontroller.go @@ -364,12 +364,14 @@ func (ctrl *ApplicationController) handleObjectUpdated(managedByApp map[string]b namespace = "(cluster-scoped)" } log.WithFields(log.Fields{ - "application": appKey, - "level": level, - "namespace": namespace, - "name": ref.Name, - "api-version": ref.APIVersion, - "kind": ref.Kind, + "application": appKey, + "level": level, + "namespace": namespace, + "name": ref.Name, + "api-version": ref.APIVersion, + "kind": ref.Kind, + "server": app.Spec.Destination.Server, + "cluster-name": app.Spec.Destination.Name, }).Debug("Requesting app refresh caused by object update") ctrl.requestAppRefresh(app.QualifiedName(), &level, nil) From 5fbe93504f43d64c00ca5a0364077781598db88d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Jul 2023 10:59:16 -0400 Subject: [PATCH 005/105] chore(deps): bump github.com/bradleyfalzon/ghinstallation/v2 (#14489) Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.5.0...v2.6.0) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 2a2db5c8a0390..0e3196c4be68e 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/aws/aws-sdk-go v1.44.299 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 - github.com/bradleyfalzon/ghinstallation/v2 v2.5.0 + github.com/bradleyfalzon/ghinstallation/v2 v2.6.0 github.com/casbin/casbin/v2 v2.71.1 github.com/coreos/go-oidc/v3 v3.6.0 github.com/cyphar/filepath-securejoin v0.2.3 @@ -165,7 +165,7 @@ require ( github.com/google/btree v1.0.1 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-github/v41 v41.0.0 // indirect - github.com/google/go-github/v53 v53.0.0 // indirect + github.com/google/go-github/v53 v53.2.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.1.0 // indirect github.com/gosimple/unidecode v1.0.1 // indirect diff --git a/go.sum b/go.sum index 3e1ffdd2e0128..60fc9d93e9ead 100644 --- a/go.sum +++ b/go.sum @@ -738,8 +738,8 @@ github.com/bombsimon/logrusr/v2 v2.0.1 h1:1VgxVNQMCvjirZIYaT9JYn6sAVGVEcNtRE0y4m github.com/bombsimon/logrusr/v2 v2.0.1/go.mod h1:ByVAX+vHdLGAfdroiMg6q0zgq2FODY2lc5YJvzmOJio= github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= -github.com/bradleyfalzon/ghinstallation/v2 v2.5.0 h1:yaYcGQ7yEIGbsJfW/9z7v1sLiZg/5rSNNXwmMct5XaE= -github.com/bradleyfalzon/ghinstallation/v2 v2.5.0/go.mod h1:amcvPQMrRkWNdueWOjPytGL25xQGzox7425qMgzo+Vo= +github.com/bradleyfalzon/ghinstallation/v2 v2.6.0 h1:IRY7Xy588KylkoycsUhFpW7cdGpy5Y5BPsz4IfuJtGk= +github.com/bradleyfalzon/ghinstallation/v2 v2.6.0/go.mod h1:oQ3etOwN3TRH4EwgW5/7MxSVMGlMlzG/O8TU7eYdoSk= github.com/bsm/ginkgo/v2 v2.7.0 h1:ItPMPH90RbmZJt5GtkcNvIRuGEdwlBItdNVoyzaNQao= github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= @@ -1143,8 +1143,8 @@ github.com/google/go-github/v35 v35.3.0 h1:fU+WBzuukn0VssbayTT+Zo3/ESKX9JYWjbZTL github.com/google/go-github/v35 v35.3.0/go.mod h1:yWB7uCcVWaUbUP74Aq3whuMySRMatyRmq5U9FTNlbio= github.com/google/go-github/v41 v41.0.0 h1:HseJrM2JFf2vfiZJ8anY2hqBjdfY1Vlj/K27ueww4gg= github.com/google/go-github/v41 v41.0.0/go.mod h1:XgmCA5H323A9rtgExdTcnDkcqp6S30AVACCBDOonIxg= -github.com/google/go-github/v53 v53.0.0 h1:T1RyHbSnpHYnoF0ZYKiIPSgPtuJ8G6vgc0MKodXsQDQ= -github.com/google/go-github/v53 v53.0.0/go.mod h1:XhFRObz+m/l+UCm9b7KSIC3lT3NWSXGt7mOsAWEloao= +github.com/google/go-github/v53 v53.2.0 h1:wvz3FyF53v4BK+AsnvCmeNhf8AkTaeh2SoYu/XUvTtI= +github.com/google/go-github/v53 v53.2.0/go.mod h1:XhFRObz+m/l+UCm9b7KSIC3lT3NWSXGt7mOsAWEloao= github.com/google/go-jsonnet v0.20.0 h1:WG4TTSARuV7bSm4PMB4ohjxe33IHT5WVTrJSU33uT4g= github.com/google/go-jsonnet v0.20.0/go.mod h1:VbgWF9JX7ztlv770x/TolZNGGFfiHEVx9G6ca2eUmeA= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= From d558e42aec1ddc0d4e23a382392e11cd84dc9d5a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Jul 2023 11:00:56 -0400 Subject: [PATCH 006/105] chore(deps): bump docker/setup-buildx-action from 2.9.0 to 2.9.1 (#14492) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.9.0 to 2.9.1. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/2a1a44ac4aa01993040736bd95bb470da1a38365...4c0219f9ac95b02789c1075625400b2acbff50b1) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/image-reuse.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml index 9cd200f0b51b6..3c7389af9e203 100644 --- a/.github/workflows/image-reuse.yaml +++ b/.github/workflows/image-reuse.yaml @@ -79,7 +79,7 @@ jobs: cosign-release: 'v2.0.0' - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 - - uses: docker/setup-buildx-action@2a1a44ac4aa01993040736bd95bb470da1a38365 # v2.9.0 + - uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1 - name: Setup tags for container image as a CSV type run: | From e713a1591ba869f438e70c4df45dd1a7a0a7ca8a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Jul 2023 15:54:54 +0000 Subject: [PATCH 007/105] chore(deps): bump github.com/antonmedv/expr from 1.12.5 to 1.12.6 (#14490) Bumps [github.com/antonmedv/expr](https://github.com/antonmedv/expr) from 1.12.5 to 1.12.6. - [Release notes](https://github.com/antonmedv/expr/releases) - [Commits](https://github.com/antonmedv/expr/compare/v1.12.5...v1.12.6) --- updated-dependencies: - dependency-name: github.com/antonmedv/expr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0e3196c4be68e..2ee3708f60146 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.3 github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d github.com/alicebob/miniredis/v2 v2.30.4 - github.com/antonmedv/expr v1.12.5 + github.com/antonmedv/expr v1.12.6 github.com/argoproj/gitops-engine v0.7.1-0.20230607163028-425d65e07695 github.com/argoproj/notifications-engine v0.4.1-0.20230620204159-3446d4ae8520 github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 diff --git a/go.sum b/go.sum index 60fc9d93e9ead..479efe2dbbbff 100644 --- a/go.sum +++ b/go.sum @@ -685,8 +685,8 @@ github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHG github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= -github.com/antonmedv/expr v1.12.5 h1:Fq4okale9swwL3OeLLs9WD9H6GbgBLJyN/NUHRv+n0E= -github.com/antonmedv/expr v1.12.5/go.mod h1:FPC8iWArxls7axbVLsW+kpg1mz29A1b2M6jt+hZfDkU= +github.com/antonmedv/expr v1.12.6 h1:qtgMHOFissxhePwokx0xB9eqS6PUy0SbhDRPD67PInA= +github.com/antonmedv/expr v1.12.6/go.mod h1:FPC8iWArxls7axbVLsW+kpg1mz29A1b2M6jt+hZfDkU= github.com/apache/arrow/go/v10 v10.0.1/go.mod h1:YvhnlEePVnBS4+0z3fhPfUy7W1Ikj0Ih0vcRo/gZ1M0= github.com/apache/arrow/go/v11 v11.0.0/go.mod h1:Eg5OsL5H+e299f7u5ssuXsuHQVEGC4xei5aX110hRiI= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= From 575c5ad2c0c5ad02ac657129ca6dc4dd431eadfb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Jul 2023 16:52:23 +0000 Subject: [PATCH 008/105] chore(deps): bump github.com/ktrysmt/go-bitbucket from 0.9.61 to 0.9.63 (#14503) Bumps [github.com/ktrysmt/go-bitbucket](https://github.com/ktrysmt/go-bitbucket) from 0.9.61 to 0.9.63. - [Release notes](https://github.com/ktrysmt/go-bitbucket/releases) - [Commits](https://github.com/ktrysmt/go-bitbucket/compare/v0.9.61...v0.9.63) --- updated-dependencies: - dependency-name: github.com/ktrysmt/go-bitbucket dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 2ee3708f60146..5f265d7551aab 100644 --- a/go.mod +++ b/go.mod @@ -52,7 +52,7 @@ require ( github.com/itchyny/gojq v0.12.13 github.com/jeremywohl/flatten v1.0.1 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 - github.com/ktrysmt/go-bitbucket v0.9.61 + github.com/ktrysmt/go-bitbucket v0.9.63 github.com/mattn/go-isatty v0.0.19 github.com/mattn/go-zglob v0.0.4 github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 diff --git a/go.sum b/go.sum index 479efe2dbbbff..b2a7583bb5405 100644 --- a/go.sum +++ b/go.sum @@ -1377,8 +1377,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/ktrysmt/go-bitbucket v0.9.61 h1:D91llgR+g+lPBafyb1bKZpeoqSiXE4UcObACwVXMA44= -github.com/ktrysmt/go-bitbucket v0.9.61/go.mod h1:QvxNfWkVjw8mPuvfGOgWHuv51P5yZKFqXdPh0JeG8B8= +github.com/ktrysmt/go-bitbucket v0.9.63 h1:Dfcl+h0FV2yRDWjyFkI1OnyzmkHn7zy9ljT0kgrkbX8= +github.com/ktrysmt/go-bitbucket v0.9.63/go.mod h1:QvxNfWkVjw8mPuvfGOgWHuv51P5yZKFqXdPh0JeG8B8= github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y= github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= From f8acbe93a86eb7d2f9b8cd3e2e8a0773def67784 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Jul 2023 10:33:50 -0400 Subject: [PATCH 009/105] chore(deps): bump sigs.k8s.io/structured-merge-diff/v4 (#14509) Bumps [sigs.k8s.io/structured-merge-diff/v4](https://github.com/kubernetes-sigs/structured-merge-diff) from 4.2.3 to 4.3.0. - [Release notes](https://github.com/kubernetes-sigs/structured-merge-diff/releases) - [Changelog](https://github.com/kubernetes-sigs/structured-merge-diff/blob/master/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/structured-merge-diff/compare/v4.2.3...v4.3.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/structured-merge-diff/v4 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 5f265d7551aab..94e5d1cf199b4 100644 --- a/go.mod +++ b/go.mod @@ -100,7 +100,7 @@ require ( layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 oras.land/oras-go/v2 v2.2.1 sigs.k8s.io/controller-runtime v0.11.0 - sigs.k8s.io/structured-merge-diff/v4 v4.2.3 + sigs.k8s.io/structured-merge-diff/v4 v4.3.0 sigs.k8s.io/yaml v1.3.0 ) diff --git a/go.sum b/go.sum index b2a7583bb5405..1c7bd880d5208 100644 --- a/go.sum +++ b/go.sum @@ -2889,8 +2889,8 @@ sigs.k8s.io/kustomize/kyaml v0.13.6 h1:eF+wsn4J7GOAXlvajv6OknSunxpcOBQQqsnPxObtk sigs.k8s.io/kustomize/kyaml v0.13.6/go.mod h1:yHP031rn1QX1lr/Xd934Ri/xdVNG8BE2ECa78Ht/kEg= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= +sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk= +sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= From 0479583be3b1f8fc5cf88f235be5ca43ccfd82fc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Jul 2023 10:34:24 -0400 Subject: [PATCH 010/105] chore(deps): bump github.com/aws/aws-sdk-go from 1.44.299 to 1.44.300 (#14510) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.299 to 1.44.300. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.299...v1.44.300) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 94e5d1cf199b4..dd23b9f79bde0 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/argoproj/gitops-engine v0.7.1-0.20230607163028-425d65e07695 github.com/argoproj/notifications-engine v0.4.1-0.20230620204159-3446d4ae8520 github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 - github.com/aws/aws-sdk-go v1.44.299 + github.com/aws/aws-sdk-go v1.44.300 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.6.0 diff --git a/go.sum b/go.sum index 1c7bd880d5208..fbce6342ebef4 100644 --- a/go.sum +++ b/go.sum @@ -716,8 +716,8 @@ github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.299 h1:HVD9lU4CAFHGxleMJp95FV/sRhtg7P4miHD1v88JAQk= -github.com/aws/aws-sdk-go v1.44.299/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.300 h1:Zn+3lqgYahIf9yfrwZ+g+hq/c3KzUBaQ8wqY/ZXiAbY= +github.com/aws/aws-sdk-go v1.44.300/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= From 1ee4389ae5de1c86b8af53d44d7a045b1b4fabc7 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Fri, 14 Jul 2023 11:38:03 -0400 Subject: [PATCH 011/105] docs: improve ignoreResourceUpdates docs (#14475) * docs: improve ignoreResourceUpdates docs Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * more Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: pasha-codefresh --- docs/operator-manual/reconcile.md | 53 +++++++++++++++++++++++++++++-- 1 file changed, 51 insertions(+), 2 deletions(-) diff --git a/docs/operator-manual/reconcile.md b/docs/operator-manual/reconcile.md index 7c886005903e2..a956cd9cf7b28 100644 --- a/docs/operator-manual/reconcile.md +++ b/docs/operator-manual/reconcile.md @@ -13,7 +13,8 @@ When a resource update is ignored, if the resource's [health status](./health.md Argo CD allows ignoring resource updates at a specific JSON path, using [RFC6902 JSON patches](https://tools.ietf.org/html/rfc6902) and [JQ path expressions](https://stedolan.github.io/jq/manual/#path(path_expression)). It can be configured for a specified group and kind in `resource.customizations` key of the `argocd-cm` ConfigMap. -The feature is behind a flag. To enable it, set `resource.ignoreResourceUpdatesEnabled` to `"true"` in the `argocd-cm` ConfigMap. +!!!important "Enabling the feature" + The feature is behind a flag. To enable it, set `resource.ignoreResourceUpdatesEnabled` to `"true"` in the `argocd-cm` ConfigMap. Following is an example of a customization which ignores the `refreshTime` status field of an [`ExternalSecret`](https://external-secrets.io/main/api/externalsecret/) resource: @@ -22,6 +23,9 @@ data: resource.customizations.ignoreResourceUpdates.external-secrets.io_ExternalSecret: | jsonPointers: - /status/refreshTime + # JQ equivalent of the above: + # jqPathExpressions: + # - .status.refreshTime ``` It is possible to configure `ignoreResourceUpdates` to be applied to all tracked resources in every Application managed by an Argo CD instance. In order to do so, resource customizations can be configured like in the example below: @@ -61,4 +65,49 @@ To find these logs, search for `"Requesting app refresh caused by object update" fields for `api-version` and `kind`. Counting the number of refreshes triggered, by api-version/kind should reveal the high-churn resource kinds. -Note that these logs are at the `debug` level. Configure the application-controller's log level to `debug`. +!!!note + These logs are at the `debug` level. Configure the application-controller's log level to `debug`. + +Once you have identified some resources which change often, you can try to determine which fields are changing. Here is +one approach: + +```shell +kubectl get -o yaml > /tmp/before.yaml +# Wait a minute or two. +kubectl get -o yaml > /tmp/after.yaml +diff /tmp/before.yaml /tmp/after +``` + +The diff can give you a sense for which fields are changing and should perhaps be ignored. + +## Checking Whether Resource Updates are Ignored + +Whenever Argo CD skips a refresh due to an ignored resource update, the controller logs the following line: +"Ignoring change of object because none of the watched resource fields have changed". + +Search the application-controller logs for this line to confirm that your resource ignore rules are being applied. + +!!!note + These logs are at the `debug` level. Configure the application-controller's log level to `debug`. + +## Examples + +### argoproj.io/Application + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cm +data: + resource.customizations.ignoreResourceUpdates.argoproj.io_Application: | + jsonPointers: + # Ignore when ownerReferences change, for example when a parent ApplicationSet changes often. + - /metadata/ownerReferences + # Ignore reconciledAt, since by itself it doesn't indicate any important change. + - /status/reconciledAt + jqPathExpressions: + # Ignore lastTransitionTime for conditions; helpful when SharedResourceWarnings are being regularly updated but not + # actually changing in content. + - .status.conditions[].lastTransitionTime +``` From 9bf5e50784a8be50bf89a2772a920798955c843f Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Fri, 14 Jul 2023 13:03:48 -0400 Subject: [PATCH 012/105] fix(security): don't allow app enumeration via RevisionChartDetails (#14512) * fix(security): don't allow app enumeration via RevisionChartDetails Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * better app name Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- server/application/application.go | 11 ++----- server/application/application_test.go | 43 +++++++++++++++++++++++--- 2 files changed, 41 insertions(+), 13 deletions(-) diff --git a/server/application/application.go b/server/application/application.go index 0a82be5f2f35c..4bf9a858ef4db 100644 --- a/server/application/application.go +++ b/server/application/application.go @@ -1371,17 +1371,12 @@ func (s *Server) RevisionMetadata(ctx context.Context, q *application.RevisionMe // RevisionChartDetails returns the helm chart metadata, as fetched from the reposerver func (s *Server) RevisionChartDetails(ctx context.Context, q *application.RevisionMetadataQuery) (*appv1.ChartDetails, error) { - appName := q.GetName() - appNs := s.appNamespaceOrDefault(q.GetAppNamespace()) - a, err := s.appLister.Applications(appNs).Get(appName) + a, err := s.getApplicationEnforceRBACInformer(ctx, rbacpolicy.ActionGet, q.GetAppNamespace(), q.GetName()) if err != nil { - return nil, fmt.Errorf("error getting app by name: %w", err) - } - if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplications, rbacpolicy.ActionGet, a.RBACName(s.ns)); err != nil { - return nil, fmt.Errorf("error enforcing claims: %w", err) + return nil, err } if a.Spec.Source.Chart == "" { - return nil, fmt.Errorf("no chart found for application: %v", appName) + return nil, fmt.Errorf("no chart found for application: %v", a.QualifiedName()) } repo, err := s.db.GetRepository(ctx, a.Spec.Source.RepoURL) if err != nil { diff --git a/server/application/application_test.go b/server/application/application_test.go index 2dcefc121dfca..3bc4903e9d2dc 100644 --- a/server/application/application_test.go +++ b/server/application/application_test.go @@ -88,14 +88,14 @@ func fakeAppList() *apiclient.AppList { } } -func fakeResolveRevesionResponse() *apiclient.ResolveRevisionResponse { +func fakeResolveRevisionResponse() *apiclient.ResolveRevisionResponse { return &apiclient.ResolveRevisionResponse{ Revision: "f9ba9e98119bf8c1176fbd65dbae26a71d044add", AmbiguousRevision: "HEAD (f9ba9e98119bf8c1176fbd65dbae26a71d044add)", } } -func fakeResolveRevesionResponseHelm() *apiclient.ResolveRevisionResponse { +func fakeResolveRevisionResponseHelm() *apiclient.ResolveRevisionResponse { return &apiclient.ResolveRevisionResponse{ Revision: "0.7.*", AmbiguousRevision: "0.7.* (0.7.2)", @@ -113,11 +113,12 @@ func fakeRepoServerClient(isHelm bool) *mocks.RepoServerServiceClient { mockWithFilesClient.On("Send", mock.Anything).Return(nil) mockWithFilesClient.On("CloseAndRecv").Return(&apiclient.ManifestResponse{}, nil) mockRepoServiceClient.On("GenerateManifestWithFiles", mock.Anything, mock.Anything).Return(mockWithFilesClient, nil) + mockRepoServiceClient.On("GetRevisionChartDetails", mock.Anything, mock.Anything).Return(&appsv1.ChartDetails{}, nil) if isHelm { - mockRepoServiceClient.On("ResolveRevision", mock.Anything, mock.Anything).Return(fakeResolveRevesionResponseHelm(), nil) + mockRepoServiceClient.On("ResolveRevision", mock.Anything, mock.Anything).Return(fakeResolveRevisionResponseHelm(), nil) } else { - mockRepoServiceClient.On("ResolveRevision", mock.Anything, mock.Anything).Return(fakeResolveRevesionResponse(), nil) + mockRepoServiceClient.On("ResolveRevision", mock.Anything, mock.Anything).Return(fakeResolveRevisionResponse(), nil) } return &mockRepoServiceClient @@ -722,8 +723,31 @@ func TestNoAppEnumeration(t *testing.T) { }, } }) + testHelmApp := newTestApp(func(app *appsv1.Application) { + app.Name = "test-helm" + app.Spec.Source.Path = "" + app.Spec.Source.Chart = "test" + app.Status.Resources = []appsv1.ResourceStatus{ + { + Group: deployment.GroupVersionKind().Group, + Kind: deployment.GroupVersionKind().Kind, + Version: deployment.GroupVersionKind().Version, + Name: deployment.Name, + Namespace: deployment.Namespace, + Status: "Synced", + }, + } + app.Status.History = []appsv1.RevisionHistory{ + { + ID: 0, + Source: appsv1.ApplicationSource{ + TargetRevision: "something-old", + }, + }, + } + }) testDeployment := kube.MustToUnstructured(&deployment) - appServer := newTestAppServerWithEnforcerConfigure(f, t, testApp, testDeployment) + appServer := newTestAppServerWithEnforcerConfigure(f, t, testApp, testHelmApp, testDeployment) noRoleCtx := context.Background() // nolint:staticcheck @@ -833,6 +857,15 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") }) + t.Run("RevisionChartDetails", func(t *testing.T) { + _, err := appServer.RevisionChartDetails(adminCtx, &application.RevisionMetadataQuery{Name: pointer.String("test-helm")}) + assert.NoError(t, err) + _, err = appServer.RevisionChartDetails(noRoleCtx, &application.RevisionMetadataQuery{Name: pointer.String("test-helm")}) + assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.RevisionChartDetails(adminCtx, &application.RevisionMetadataQuery{Name: pointer.String("doest-not-exist")}) + assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + }) + t.Run("ManagedResources", func(t *testing.T) { _, err := appServer.ManagedResources(adminCtx, &application.ResourcesQuery{ApplicationName: pointer.String("test")}) assert.NoError(t, err) From 4bd8b07c514e26c6b7837f30d52afd1a3cdedcfd Mon Sep 17 00:00:00 2001 From: Yuan Tang Date: Fri, 14 Jul 2023 17:17:19 -0400 Subject: [PATCH 013/105] chore: Update log level to warn when in-cluster svr addr is disabled but internal addr is used (#14520) Signed-off-by: Yuan Tang --- util/db/cluster.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/db/cluster.go b/util/db/cluster.go index b505c693ee0fe..b046e3d1010b9 100644 --- a/util/db/cluster.go +++ b/util/db/cluster.go @@ -78,7 +78,7 @@ func (db *db) ListClusters(ctx context.Context) (*appv1.ClusterList, error) { hasInClusterCredentials = true clusterList.Items = append(clusterList.Items, *cluster) } else { - log.Errorf("failed to add cluster %q to cluster list: in-cluster server address is disabled in Argo CD settings", cluster.Name) + log.Warnf("failed to add cluster %q to cluster list: in-cluster server address is disabled in Argo CD settings", cluster.Name) } } else { clusterList.Items = append(clusterList.Items, *cluster) From b90f3bc774b05fc71a1f3cb8803eb66bfd20e5a7 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Mon, 17 Jul 2023 09:19:25 -0400 Subject: [PATCH 014/105] fix(appset): normalize app spec before applying (#14481) * fix(appset): normalize app spec before applying Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * fix nil ref, add test Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * fix another test Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- .../controllers/applicationset_controller.go | 3 + .../applicationset_controller_test.go | 119 ++++++++++++++---- util/argo/argo.go | 3 +- 3 files changed, 97 insertions(+), 28 deletions(-) diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go index d785ad7289c4a..1914783c4c79e 100644 --- a/applicationset/controllers/applicationset_controller.go +++ b/applicationset/controllers/applicationset_controller.go @@ -597,6 +597,9 @@ func (r *ApplicationSetReconciler) createOrUpdateInCluster(ctx context.Context, appLog := log.WithFields(log.Fields{"app": generatedApp.Name, "appSet": applicationSet.Name}) generatedApp.Namespace = applicationSet.Namespace + // Normalize to avoid fighting with the application controller. + generatedApp.Spec = *argoutil.NormalizeApplicationSpec(&generatedApp.Spec) + found := &argov1alpha1.Application{ ObjectMeta: metav1.ObjectMeta{ Name: generatedApp.Name, diff --git a/applicationset/controllers/applicationset_controller_test.go b/applicationset/controllers/applicationset_controller_test.go index dd934cc7dd53f..9fdc8b0434879 100644 --- a/applicationset/controllers/applicationset_controller_test.go +++ b/applicationset/controllers/applicationset_controller_test.go @@ -373,6 +373,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { Namespace: "namespace", ResourceVersion: "1", }, + Spec: v1alpha1.ApplicationSpec{Project: "default"}, }, }, }, @@ -900,6 +901,60 @@ func TestCreateOrUpdateInCluster(t *testing.T) { }, }, }, + }, { + name: "Ensure that the app spec is normalized before applying", + appSet: v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "namespace", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Template: v1alpha1.ApplicationSetTemplate{ + Spec: v1alpha1.ApplicationSpec{ + Project: "project", + Source: &v1alpha1.ApplicationSource{ + Directory: &v1alpha1.ApplicationSourceDirectory{ + Jsonnet: v1alpha1.ApplicationSourceJsonnet{}, + }, + }, + }, + }, + }, + }, + desiredApps: []v1alpha1.Application{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "app1", + }, + Spec: v1alpha1.ApplicationSpec{ + Project: "project", + Source: &v1alpha1.ApplicationSource{ + Directory: &v1alpha1.ApplicationSourceDirectory{ + Jsonnet: v1alpha1.ApplicationSourceJsonnet{}, + }, + }, + }, + }, + }, + expected: []v1alpha1.Application{ + { + TypeMeta: metav1.TypeMeta{ + Kind: "Application", + APIVersion: "argoproj.io/v1alpha1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "app1", + Namespace: "namespace", + ResourceVersion: "1", + }, + Spec: v1alpha1.ApplicationSpec{ + Project: "project", + Source: &v1alpha1.ApplicationSource{ + // Directory and jsonnet block are removed + }, + }, + }, + }, }, } { @@ -1231,13 +1286,15 @@ func TestCreateApplications(t *testing.T) { err = v1alpha1.AddToScheme(scheme) assert.Nil(t, err) - for _, c := range []struct { + testCases := []struct { + name string appSet v1alpha1.ApplicationSet existsApps []v1alpha1.Application apps []v1alpha1.Application expected []v1alpha1.Application }{ { + name: "no existing apps", appSet: v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "name", @@ -1263,10 +1320,14 @@ func TestCreateApplications(t *testing.T) { Namespace: "namespace", ResourceVersion: "1", }, + Spec: v1alpha1.ApplicationSpec{ + Project: "default", + }, }, }, }, { + name: "existing apps", appSet: v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "name", @@ -1324,6 +1385,7 @@ func TestCreateApplications(t *testing.T) { }, }, { + name: "existing apps with different project", appSet: v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "name", @@ -1380,39 +1442,42 @@ func TestCreateApplications(t *testing.T) { }, }, }, - } { - initObjs := []crtclient.Object{&c.appSet} - for _, a := range c.existsApps { - err = controllerutil.SetControllerReference(&c.appSet, &a, scheme) - assert.Nil(t, err) - initObjs = append(initObjs, &a) - } - - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(initObjs...).Build() + } - r := ApplicationSetReconciler{ - Client: client, - Scheme: scheme, - Recorder: record.NewFakeRecorder(len(initObjs) + len(c.expected)), - } + for _, c := range testCases { + t.Run(c.name, func(t *testing.T) { + initObjs := []crtclient.Object{&c.appSet} + for _, a := range c.existsApps { + err = controllerutil.SetControllerReference(&c.appSet, &a, scheme) + assert.Nil(t, err) + initObjs = append(initObjs, &a) + } - err = r.createInCluster(context.TODO(), c.appSet, c.apps) - assert.Nil(t, err) + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(initObjs...).Build() - for _, obj := range c.expected { - got := &v1alpha1.Application{} - _ = client.Get(context.Background(), crtclient.ObjectKey{ - Namespace: obj.Namespace, - Name: obj.Name, - }, got) + r := ApplicationSetReconciler{ + Client: client, + Scheme: scheme, + Recorder: record.NewFakeRecorder(len(initObjs) + len(c.expected)), + } - err = controllerutil.SetControllerReference(&c.appSet, &obj, r.Scheme) + err = r.createInCluster(context.TODO(), c.appSet, c.apps) assert.Nil(t, err) - assert.Equal(t, obj, *got) - } - } + for _, obj := range c.expected { + got := &v1alpha1.Application{} + _ = client.Get(context.Background(), crtclient.ObjectKey{ + Namespace: obj.Namespace, + Name: obj.Name, + }, got) + err = controllerutil.SetControllerReference(&c.appSet, &obj, r.Scheme) + assert.Nil(t, err) + + assert.Equal(t, obj, *got) + } + }) + } } func TestDeleteInCluster(t *testing.T) { diff --git a/util/argo/argo.go b/util/argo/argo.go index a91b64a1e51d1..9b08d3aeeb847 100644 --- a/util/argo/argo.go +++ b/util/argo/argo.go @@ -856,7 +856,8 @@ func NormalizeApplicationSpec(spec *argoappv1.ApplicationSpec) *argoappv1.Applic for _, source := range spec.Sources { NormalizeSource(&source) } - } else { + } else if spec.Source != nil { + // In practice, spec.Source should never be nil. NormalizeSource(spec.Source) } return spec From 657df211a08c5cc8fd2bfa1c77c751efbc19b0ad Mon Sep 17 00:00:00 2001 From: Noah Elzner <78953604+enteraga6@users.noreply.github.com> Date: Mon, 17 Jul 2023 08:56:49 -0700 Subject: [PATCH 015/105] chore: Generate SLSA provenance for SBOM (#14438) (#14507) * Add provenance generation for sbom Signed-off-by: Noah Elzner <78953604+enteraga6@users.noreply.github.com> * upload SBOM Signed-off-by: Noah Elzner <78953604+enteraga6@users.noreply.github.com> * Remove cosign setup Signed-off-by: Noah Elzner <78953604+enteraga6@users.noreply.github.com> * include hashes in generate-sbom output Signed-off-by: Noah Elzner <78953604+enteraga6@users.noreply.github.com> * Replace Cosign Verification command with SLSA command in docs Signed-off-by: Noah Elzner <78953604+enteraga6@users.noreply.github.com> * Remove id-token write permission - no longer needed Signed-off-by: Noah Elzner <78953604+enteraga6@users.noreply.github.com> --------- Signed-off-by: Noah Elzner <78953604+enteraga6@users.noreply.github.com> --- .github/workflows/release.yaml | 47 ++++++++++++------- docs/operator-manual/signed-release-assets.md | 10 ++-- 2 files changed, 35 insertions(+), 22 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index b504ba6424588..4848a6dfa4605 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -127,13 +127,14 @@ jobs: upload-assets: true generate-sbom: - name: Create Sbom and sign assets + name: Create SBOM and generate hash needs: - argocd-image - goreleaser permissions: contents: write # Needed for release uploads - id-token: write # Needed for signing Sbom + outputs: + hashes: ${{ steps.sbom-hash.outputs.hashes}} if: github.repository == 'argoproj/argo-cd' runs-on: ubuntu-22.04 steps: @@ -148,11 +149,6 @@ jobs: with: go-version: ${{ env.GOLANG_VERSION }} - - name: Install cosign - uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1 - with: - cosign-release: 'v2.0.0' - - name: Generate SBOM (spdx) id: spdx-builder env: @@ -182,23 +178,38 @@ jobs: fi cd /tmp && tar -zcf sbom.tar.gz *.spdx - - - name: Sign SBOM + + - name: Generate SBOM hash + shell: bash + id: sbom-hash run: | - cosign sign-blob \ - --output-certificate=/tmp/sbom.tar.gz.pem \ - --output-signature=/tmp/sbom.tar.gz.sig \ - -y \ - /tmp/sbom.tar.gz - - - name: Upload SBOM and signature assets + # sha256sum generates sha256 hash for sbom. + # base64 -w0 encodes to base64 and outputs on a single line. + # sha256sum /tmp/sbom.tar.gz ... | base64 -w0 + echo "hashes=$(sha256sum /tmp/sbom.tar.gz | base64 -w0)" >> "$GITHUB_OUTPUT" + + - name: Upload SBOM uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: files: | - /tmp/sbom.tar.* - + /tmp/sbom.tar.gz + + sbom-provenance: + needs: [generate-sbom] + permissions: + actions: read # for detecting the Github Actions environment + id-token: write # Needed for provenance signing and ID + contents: write # Needed for release uploads + if: github.repository == 'argoproj/argo-cd' + # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0 + with: + base64-subjects: "${{ needs.generate-sbom.outputs.hashes }}" + provenance-name: "argocd-sbom.intoto.jsonl" + upload-assets: true + post-release: needs: - argocd-image diff --git a/docs/operator-manual/signed-release-assets.md b/docs/operator-manual/signed-release-assets.md index 4944f70ac1cb8..9aec6bb071047 100644 --- a/docs/operator-manual/signed-release-assets.md +++ b/docs/operator-manual/signed-release-assets.md @@ -136,11 +136,13 @@ slsa-verifier verify-artifact argocd-linux-amd64 \ ## Verification of Sbom +A single attestation (`argocd-sbom.intoto.jsonl`) from each release is provided along with the sbom (`sbom.tar.gz`). This can be used with [slsa-verifier](https://github.com/slsa-framework/slsa-verifier#verification-for-github-builders) to verify that the SBOM was generated using Argo CD workflows on GitHub and ensures it was cryptographically signed. + ```bash -cosign verify-blob --signature sbom.tar.gz.sig --certificate sbom.tar.gz.pem \ ---certificate-identity-regexp ^https://github.com/argoproj/argo-cd/.github/workflows/release.yaml@refs/tags/v \ ---certificate-oidc-issuer https://token.actions.githubusercontent.com \ - ~/Downloads/sbom.tar.gz | jq +slsa-verifier verify-artifact sbom.tar.gz \ + --provenance-path argocd-sbom.intoto.jsonl \ + --source-uri github.com/argoproj/argo-cd \ + --source-tag v2.7.0 ``` *** From ff92e60102fa016114a59e8d95b429cf917e264c Mon Sep 17 00:00:00 2001 From: Alexander Matyushentsev Date: Mon, 17 Jul 2023 18:59:56 +0300 Subject: [PATCH 016/105] fix: 'argocd-server-tls' Secret should be loaded from informer (#14522) Signed-off-by: Alexander Matyushentsev --- util/settings/settings.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/settings/settings.go b/util/settings/settings.go index c85ed3329361b..04cd773f1f3e4 100644 --- a/util/settings/settings.go +++ b/util/settings/settings.go @@ -1504,7 +1504,7 @@ func (mgr *SettingsManager) updateSettingsFromSecret(settings *ArgoCDSettings, a // return values are nil, no external secret has been configured. func (mgr *SettingsManager) externalServerTLSCertificate() (*tls.Certificate, error) { var cert tls.Certificate - secret, err := mgr.clientset.CoreV1().Secrets(mgr.namespace).Get(mgr.ctx, externalServerTLSSecretName, metav1.GetOptions{}) + secret, err := mgr.secrets.Secrets(mgr.namespace).Get(externalServerTLSSecretName) if err != nil { if apierr.IsNotFound(err) { return nil, nil From 9c0c6bcc17a9134397974649f353563c546c730b Mon Sep 17 00:00:00 2001 From: Yuan Tang Date: Mon, 17 Jul 2023 12:54:49 -0400 Subject: [PATCH 017/105] chore: Print in-cluster svr addr disabled warning during ArgoDB initialization (#14539) * chore: Print in-cluster svr addr disabled warning during ArgoDB initialization Signed-off-by: Yuan Tang * fix: undo a change Signed-off-by: Yuan Tang * chore: move to a function Signed-off-by: Yuan Tang * chore: rename Signed-off-by: Yuan Tang --------- Signed-off-by: Yuan Tang --- util/db/cluster.go | 2 -- util/db/db.go | 29 ++++++++++++++++++++++++++++- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/util/db/cluster.go b/util/db/cluster.go index b046e3d1010b9..df1644e0dbbb9 100644 --- a/util/db/cluster.go +++ b/util/db/cluster.go @@ -77,8 +77,6 @@ func (db *db) ListClusters(ctx context.Context) (*appv1.ClusterList, error) { if inClusterEnabled { hasInClusterCredentials = true clusterList.Items = append(clusterList.Items, *cluster) - } else { - log.Warnf("failed to add cluster %q to cluster list: in-cluster server address is disabled in Argo CD settings", cluster.Name) } } else { clusterList.Items = append(clusterList.Items, *cluster) diff --git a/util/db/db.go b/util/db/db.go index 05ae38e75bb84..f66cf65dc9c47 100644 --- a/util/db/db.go +++ b/util/db/db.go @@ -4,9 +4,11 @@ import ( "context" "strings" + log "github.com/sirupsen/logrus" v1 "k8s.io/api/core/v1" "k8s.io/client-go/kubernetes" + "github.com/argoproj/argo-cd/v2/common" appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/settings" ) @@ -93,11 +95,36 @@ type db struct { // NewDB returns a new instance of the argo database func NewDB(namespace string, settingsMgr *settings.SettingsManager, kubeclientset kubernetes.Interface) ArgoDB { - return &db{ + dbInstance := db{ settingsMgr: settingsMgr, ns: namespace, kubeclientset: kubeclientset, } + dbInstance.logInClusterWarning() + return &dbInstance +} + +func (db *db) logInClusterWarning() { + clusterSecrets, err := db.listSecretsByType(common.LabelValueSecretTypeCluster) + if err != nil { + log.WithError(err).Errorln("could not list secrets by type") + } + dbSettings, err := db.settingsMgr.GetSettings() + if err != nil { + log.WithError(err).Errorln("could not get DB settings") + } + for _, clusterSecret := range clusterSecrets { + cluster, err := secretToCluster(clusterSecret) + if err != nil { + log.Errorf("could not unmarshal cluster secret %s", clusterSecret.Name) + continue + } + if cluster.Server == appv1.KubernetesInternalAPIServerAddr { + if !dbSettings.InClusterEnabled { + log.Warnf("cluster %q uses in-cluster server address but it's disabled in Argo CD settings", cluster.Name) + } + } + } } func (db *db) getSecret(name string, cache map[string]*v1.Secret) (*v1.Secret, error) { From a57786657bc26f66e55fb30b66463fe18625459d Mon Sep 17 00:00:00 2001 From: Dimitar Georgievski Date: Mon, 17 Jul 2023 12:55:40 -0400 Subject: [PATCH 018/105] docs: Correct example ClusterRole to allow Events in any namespace (#14544) Fixes: #14477 Signed-off-by: Dimitar Georgievski --- .../argocd-server-rbac-clusterrole.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/examples/k8s-rbac/argocd-server-applications/argocd-server-rbac-clusterrole.yaml b/examples/k8s-rbac/argocd-server-applications/argocd-server-rbac-clusterrole.yaml index 20e93dbada6d2..a8d6c021c4e2e 100644 --- a/examples/k8s-rbac/argocd-server-applications/argocd-server-rbac-clusterrole.yaml +++ b/examples/k8s-rbac/argocd-server-applications/argocd-server-rbac-clusterrole.yaml @@ -7,6 +7,12 @@ metadata: app.kubernetes.io/component: server name: argocd-server-cluster-apps rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create - apiGroups: - "argoproj.io" resources: From 15eeb307eb03191e7581d8e616072de4fd4b20e0 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Mon, 17 Jul 2023 14:52:50 -0400 Subject: [PATCH 019/105] fix(controller): populate ignoreDifferences in sync status (#14542) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- controller/appcontroller_test.go | 8 +++++--- controller/state.go | 16 +++++++++------- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/controller/appcontroller_test.go b/controller/appcontroller_test.go index 439fe233e7ce5..a849c3bd292ca 100644 --- a/controller/appcontroller_test.go +++ b/controller/appcontroller_test.go @@ -950,7 +950,8 @@ func TestNeedRefreshAppStatus(t *testing.T) { app.Status.Sync = v1alpha1.SyncStatus{ Status: v1alpha1.SyncStatusCodeSynced, ComparedTo: v1alpha1.ComparedTo{ - Destination: app.Spec.Destination, + Destination: app.Spec.Destination, + IgnoreDifferences: app.Spec.IgnoreDifferences, }, } @@ -1019,7 +1020,8 @@ func TestNeedRefreshAppStatus(t *testing.T) { app.Status.Sync = v1alpha1.SyncStatus{ Status: v1alpha1.SyncStatusCodeSynced, ComparedTo: v1alpha1.ComparedTo{ - Destination: app.Spec.Destination, + Destination: app.Spec.Destination, + IgnoreDifferences: app.Spec.IgnoreDifferences, }, } if app.Spec.HasMultipleSources() { @@ -1214,7 +1216,7 @@ func TestUpdateReconciledAt(t *testing.T) { app := newFakeApp() reconciledAt := metav1.NewTime(time.Now().Add(-1 * time.Second)) app.Status = v1alpha1.ApplicationStatus{ReconciledAt: &reconciledAt} - app.Status.Sync = v1alpha1.SyncStatus{ComparedTo: v1alpha1.ComparedTo{Source: app.Spec.GetSource(), Destination: app.Spec.Destination}} + app.Status.Sync = v1alpha1.SyncStatus{ComparedTo: v1alpha1.ComparedTo{Source: app.Spec.GetSource(), Destination: app.Spec.Destination, IgnoreDifferences: app.Spec.IgnoreDifferences}} ctrl := newFakeController(&fakeData{ apps: []runtime.Object{app, &defaultProj}, manifestResponse: &apiclient.ManifestResponse{ diff --git a/controller/state.go b/controller/state.go index 9e6bdf9e44d09..0d28f9e41bf76 100644 --- a/controller/state.go +++ b/controller/state.go @@ -351,7 +351,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 if hasMultipleSources { return &comparisonResult{ syncStatus: &v1alpha1.SyncStatus{ - ComparedTo: v1alpha1.ComparedTo{Destination: app.Spec.Destination, Sources: sources}, + ComparedTo: v1alpha1.ComparedTo{Destination: app.Spec.Destination, Sources: sources, IgnoreDifferences: app.Spec.IgnoreDifferences}, Status: v1alpha1.SyncStatusCodeUnknown, Revisions: revisions, }, @@ -360,7 +360,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 } else { return &comparisonResult{ syncStatus: &v1alpha1.SyncStatus{ - ComparedTo: v1alpha1.ComparedTo{Source: sources[0], Destination: app.Spec.Destination}, + ComparedTo: v1alpha1.ComparedTo{Source: sources[0], Destination: app.Spec.Destination, IgnoreDifferences: app.Spec.IgnoreDifferences}, Status: v1alpha1.SyncStatusCodeUnknown, Revision: revisions[0], }, @@ -506,7 +506,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 // restore comparison using cached diff result if previous comparison was performed for the same revision revisionChanged := len(manifestInfos) != len(sources) || !reflect.DeepEqual(app.Status.Sync.Revisions, manifestRevisions) - specChanged := !reflect.DeepEqual(app.Status.Sync.ComparedTo, v1alpha1.ComparedTo{Source: app.Spec.GetSource(), Destination: app.Spec.Destination, Sources: sources}) + specChanged := !reflect.DeepEqual(app.Status.Sync.ComparedTo, v1alpha1.ComparedTo{Source: app.Spec.GetSource(), Destination: app.Spec.Destination, Sources: sources, IgnoreDifferences: app.Spec.IgnoreDifferences}) _, refreshRequested := app.IsRefreshRequested() noCache = noCache || refreshRequested || app.Status.Expired(m.statusRefreshTimeout) || specChanged || revisionChanged @@ -647,8 +647,9 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 if hasMultipleSources { syncStatus = v1alpha1.SyncStatus{ ComparedTo: v1alpha1.ComparedTo{ - Destination: app.Spec.Destination, - Sources: sources, + Destination: app.Spec.Destination, + Sources: sources, + IgnoreDifferences: app.Spec.IgnoreDifferences, }, Status: syncCode, Revisions: manifestRevisions, @@ -656,8 +657,9 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 } else { syncStatus = v1alpha1.SyncStatus{ ComparedTo: v1alpha1.ComparedTo{ - Destination: app.Spec.Destination, - Source: app.Spec.GetSource(), + Destination: app.Spec.Destination, + Source: app.Spec.GetSource(), + IgnoreDifferences: app.Spec.IgnoreDifferences, }, Status: syncCode, Revision: revision, From 462dffc0b7532782a775f5f7fd65ec745dc8b141 Mon Sep 17 00:00:00 2001 From: Yuan Tang Date: Mon, 17 Jul 2023 21:42:02 -0400 Subject: [PATCH 020/105] fix: Correct pod log viewer to support short log lines. Fixes #14402 (#14543) Signed-off-by: Yuan Tang --- .../applications/components/pod-logs-viewer/pod-logs-viewer.tsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx b/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx index 72629d306e902..2eaf8103fcb63 100644 --- a/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx +++ b/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx @@ -194,7 +194,7 @@ export const PodsLogsViewer = (props: PodLogsProps) => { Date: Tue, 18 Jul 2023 17:37:27 +0300 Subject: [PATCH 021/105] fix(server): not need send application if it is not under enabled namespaces (#14479) * fix: not need send application if it is not under enabled namespaces * fix condition * feat: Move application is permitted outside of watch function and cover with unit tests * feat: Move application is permitted outside of watch function and cover with unit tests --- server/application/application.go | 44 +++++++++++++-------- server/application/application_test.go | 53 ++++++++++++++++++++++++++ 2 files changed, 81 insertions(+), 16 deletions(-) diff --git a/server/application/application.go b/server/application/application.go index 4bf9a858ef4db..ec5516dac6d2b 100644 --- a/server/application/application.go +++ b/server/application/application.go @@ -50,7 +50,6 @@ import ( "github.com/argoproj/argo-cd/v2/util/db" "github.com/argoproj/argo-cd/v2/util/env" "github.com/argoproj/argo-cd/v2/util/git" - "github.com/argoproj/argo-cd/v2/util/glob" ioutil "github.com/argoproj/argo-cd/v2/util/io" "github.com/argoproj/argo-cd/v2/util/lua" "github.com/argoproj/argo-cd/v2/util/manifeststream" @@ -225,7 +224,7 @@ func (s *Server) List(ctx context.Context, q *application.ApplicationQuery) (*ap for _, a := range filteredApps { // Skip any application that is neither in the control plane's namespace // nor in the list of enabled namespaces. - if a.Namespace != s.ns && !glob.MatchStringInList(s.enabledNamespaces, a.Namespace, false) { + if !s.isNamespaceEnabled(a.Namespace) { continue } if s.enf.Enforce(ctx.Value("claims"), rbacpolicy.ResourceApplications, rbacpolicy.ActionGet, a.RBACName(s.ns)) { @@ -986,6 +985,31 @@ func (s *Server) Delete(ctx context.Context, q *application.ApplicationDeleteReq return &application.ApplicationResponse{}, nil } +func (s *Server) isApplicationPermitted(selector labels.Selector, minVersion int, claims any, appName, appNs string, projects map[string]bool, a appv1.Application) bool { + if len(projects) > 0 && !projects[a.Spec.GetProject()] { + return false + } + + if appVersion, err := strconv.Atoi(a.ResourceVersion); err == nil && appVersion < minVersion { + return false + } + matchedEvent := (appName == "" || (a.Name == appName && a.Namespace == appNs)) && selector.Matches(labels.Set(a.Labels)) + if !matchedEvent { + return false + } + + if !s.isNamespaceEnabled(a.Namespace) { + return false + } + + if !s.enf.Enforce(claims, rbacpolicy.ResourceApplications, rbacpolicy.ActionGet, a.RBACName(s.ns)) { + // do not emit apps user does not have accessing + return false + } + + return true +} + func (s *Server) Watch(q *application.ApplicationQuery, ws application.ApplicationService_WatchServer) error { appName := q.GetName() appNs := s.appNamespaceOrDefault(q.GetAppNamespace()) @@ -1012,20 +1036,8 @@ func (s *Server) Watch(q *application.ApplicationQuery, ws application.Applicati // sendIfPermitted is a helper to send the application to the client's streaming channel if the // caller has RBAC privileges permissions to view it sendIfPermitted := func(a appv1.Application, eventType watch.EventType) { - if len(projects) > 0 && !projects[a.Spec.GetProject()] { - return - } - - if appVersion, err := strconv.Atoi(a.ResourceVersion); err == nil && appVersion < minVersion { - return - } - matchedEvent := (appName == "" || (a.Name == appName && a.Namespace == appNs)) && selector.Matches(labels.Set(a.Labels)) - if !matchedEvent { - return - } - - if !s.enf.Enforce(claims, rbacpolicy.ResourceApplications, rbacpolicy.ActionGet, a.RBACName(s.ns)) { - // do not emit apps user does not have accessing + permitted := s.isApplicationPermitted(selector, minVersion, claims, appName, appNs, projects, a) + if !permitted { return } s.inferResourcesStatusHealth(&a) diff --git a/server/application/application_test.go b/server/application/application_test.go index 3bc4903e9d2dc..de647bfede4c8 100644 --- a/server/application/application_test.go +++ b/server/application/application_test.go @@ -5,6 +5,7 @@ import ( coreerrors "errors" "fmt" "io" + "k8s.io/apimachinery/pkg/labels" "strconv" "sync/atomic" "testing" @@ -2235,3 +2236,55 @@ func TestRunOldStyleResourceAction(t *testing.T) { assert.NotNil(t, appResponse) }) } + +func TestIsApplicationPermitted(t *testing.T) { + t.Run("Incorrect project", func(t *testing.T) { + testApp := newTestApp() + appServer := newTestAppServer(t, testApp) + projects := map[string]bool{"test-app": false} + permitted := appServer.isApplicationPermitted(labels.Everything(), 0, nil, "test", "default", projects, *testApp) + assert.False(t, permitted) + }) + + t.Run("Version is incorrect", func(t *testing.T) { + testApp := newTestApp() + appServer := newTestAppServer(t, testApp) + minVersion := 100000 + testApp.ResourceVersion = strconv.Itoa(minVersion - 1) + permitted := appServer.isApplicationPermitted(labels.Everything(), minVersion, nil, "test", "default", nil, *testApp) + assert.False(t, permitted) + }) + + t.Run("Application name is incorrect", func(t *testing.T) { + testApp := newTestApp() + appServer := newTestAppServer(t, testApp) + appName := "test" + permitted := appServer.isApplicationPermitted(labels.Everything(), 0, nil, appName, "default", nil, *testApp) + assert.False(t, permitted) + }) + + t.Run("Application namespace is incorrect", func(t *testing.T) { + testApp := newTestApp() + appServer := newTestAppServer(t, testApp) + permitted := appServer.isApplicationPermitted(labels.Everything(), 0, nil, testApp.Name, "demo", nil, *testApp) + assert.False(t, permitted) + }) + + t.Run("Application is not part of enabled namespace", func(t *testing.T) { + testApp := newTestApp() + appServer := newTestAppServer(t, testApp) + appServer.ns = "server-ns" + appServer.enabledNamespaces = []string{"demo"} + permitted := appServer.isApplicationPermitted(labels.Everything(), 0, nil, testApp.Name, testApp.Namespace, nil, *testApp) + assert.False(t, permitted) + }) + + t.Run("Application is part of enabled namespace", func(t *testing.T) { + testApp := newTestApp() + appServer := newTestAppServer(t, testApp) + appServer.ns = "server-ns" + appServer.enabledNamespaces = []string{testApp.Namespace} + permitted := appServer.isApplicationPermitted(labels.Everything(), 0, nil, testApp.Name, testApp.Namespace, nil, *testApp) + assert.True(t, permitted) + }) +} From fcbd4c2bbbc7de40842b5c7d13d75bb8a7de5a7a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Jul 2023 10:43:27 -0400 Subject: [PATCH 022/105] chore(deps): bump github.com/casbin/casbin/v2 from 2.71.1 to 2.72.1 (#14564) Bumps [github.com/casbin/casbin/v2](https://github.com/casbin/casbin) from 2.71.1 to 2.72.1. - [Release notes](https://github.com/casbin/casbin/releases) - [Changelog](https://github.com/casbin/casbin/blob/master/.releaserc.json) - [Commits](https://github.com/casbin/casbin/compare/v2.71.1...v2.72.1) --- updated-dependencies: - dependency-name: github.com/casbin/casbin/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 5 ++++- go.sum | 11 ++++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index dd23b9f79bde0..f71597920dd57 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.6.0 - github.com/casbin/casbin/v2 v2.71.1 + github.com/casbin/casbin/v2 v2.72.1 github.com/coreos/go-oidc/v3 v3.6.0 github.com/cyphar/filepath-securejoin v0.2.3 github.com/dustin/go-humanize v1.0.1 @@ -105,6 +105,9 @@ require ( ) require ( + github.com/tidwall/gjson v1.14.4 // indirect + github.com/tidwall/match v1.1.1 // indirect + github.com/tidwall/pretty v1.2.0 // indirect google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect ) diff --git a/go.sum b/go.sum index fbce6342ebef4..4ee2ab5e2b3d9 100644 --- a/go.sum +++ b/go.sum @@ -746,8 +746,8 @@ github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7N github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= -github.com/casbin/casbin/v2 v2.71.1 h1:LRHyqM0S1LzM/K59PmfUIN0ZJfLgcOjL4OhOQI/FNXU= -github.com/casbin/casbin/v2 v2.71.1/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg= +github.com/casbin/casbin/v2 v2.72.1 h1:AF6JM0pvyi+tRyudiyTI/rF08RvBZ4NV897kk82CCZs= +github.com/casbin/casbin/v2 v2.72.1/go.mod h1:mzGx0hYW9/ksOSpw3wNjk3NRAroq5VMFYUQ6G43iGPk= github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= @@ -1763,8 +1763,13 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4= +github.com/tidwall/gjson v1.14.4 h1:uo0p8EbA09J7RQaflQ1aBRffTR7xedD2bcIVSYxLnkM= +github.com/tidwall/gjson v1.14.4/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= +github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= +github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= +github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= From 1f88d02848ea7aa79be1d0c02c65b2f2c1693d75 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Jul 2023 16:01:16 +0000 Subject: [PATCH 023/105] chore(deps): bump github.com/aws/aws-sdk-go from 1.44.300 to 1.44.301 (#14565) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.300 to 1.44.301. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.300...v1.44.301) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f71597920dd57..65b0957ad9c1b 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/argoproj/gitops-engine v0.7.1-0.20230607163028-425d65e07695 github.com/argoproj/notifications-engine v0.4.1-0.20230620204159-3446d4ae8520 github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 - github.com/aws/aws-sdk-go v1.44.300 + github.com/aws/aws-sdk-go v1.44.301 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.6.0 diff --git a/go.sum b/go.sum index 4ee2ab5e2b3d9..95f7983b428fe 100644 --- a/go.sum +++ b/go.sum @@ -716,8 +716,8 @@ github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.300 h1:Zn+3lqgYahIf9yfrwZ+g+hq/c3KzUBaQ8wqY/ZXiAbY= -github.com/aws/aws-sdk-go v1.44.300/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.301 h1:VofuXktwHFTBUvoPiHxQis/3uKgu0RtgUwLtNujd3Zs= +github.com/aws/aws-sdk-go v1.44.301/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= From dd800ec119d2dbdd102b9f950d41d7e58f858f13 Mon Sep 17 00:00:00 2001 From: Rami <72725910+ramikg@users.noreply.github.com> Date: Tue, 18 Jul 2023 20:29:38 +0300 Subject: [PATCH 024/105] fix: Remove executable bit from default file mode (#14497) * Fix file/directory opening mode Signed-off-by: ramikg <72725910+ramikg@users.noreply.github.com> * Fix TestUntgz/preserves_file_mode Signed-off-by: ramikg <72725910+ramikg@users.noreply.github.com> * Mention file mode fix in 2.7-2.8 release docs Signed-off-by: ramikg <72725910+ramikg@users.noreply.github.com> --------- Signed-off-by: ramikg <72725910+ramikg@users.noreply.github.com> --- docs/operator-manual/upgrading/2.7-2.8.md | 5 +++++ util/io/files/tar.go | 14 +++++++++----- util/io/files/tar_test.go | 2 +- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/docs/operator-manual/upgrading/2.7-2.8.md b/docs/operator-manual/upgrading/2.7-2.8.md index 12622642d5eff..8ee91cdf984c6 100644 --- a/docs/operator-manual/upgrading/2.7-2.8.md +++ b/docs/operator-manual/upgrading/2.7-2.8.md @@ -65,3 +65,8 @@ p, role:action-runner, applications, action/argoproj.io/WorkflowTemplate/create- p, role:action-runner, applications, action/argoproj.io/CronWorkflow/create-workflow, *, allow p, role:action-runner, applications, action/batch/CronJob/create-job, *, allow ``` + +## Change default file open mode + +In version 2.7, the CMP plugin was changed to open Git/Helm files with all executable bits set (unless `preserveFileMode` was specified). +Version 2.8 removes the executable bits in cases where they are not necessary. diff --git a/util/io/files/tar.go b/util/io/files/tar.go index 91b743e0c4704..13973f732fe72 100644 --- a/util/io/files/tar.go +++ b/util/io/files/tar.go @@ -90,13 +90,12 @@ func Untgz(dstPath string, r io.Reader, maxSize int64, preserveFileMode bool) er return fmt.Errorf("illegal filepath in archive: %s", target) } - var mode os.FileMode = 0755 - if preserveFileMode { - mode = os.FileMode(header.Mode) - } - switch header.Typeflag { case tar.TypeDir: + var mode os.FileMode = 0755 + if preserveFileMode { + mode = os.FileMode(header.Mode) + } err := os.MkdirAll(target, mode) if err != nil { return fmt.Errorf("error creating nested folders: %w", err) @@ -118,6 +117,11 @@ func Untgz(dstPath string, r io.Reader, maxSize int64, preserveFileMode bool) er return fmt.Errorf("error creating symlink: %s", err) } case tar.TypeReg: + var mode os.FileMode = 0644 + if preserveFileMode { + mode = os.FileMode(header.Mode) + } + err := os.MkdirAll(filepath.Dir(target), 0755) if err != nil { return fmt.Errorf("error creating nested folders: %w", err) diff --git a/util/io/files/tar_test.go b/util/io/files/tar_test.go index 7c08246c72962..1817fa5ce9353 100644 --- a/util/io/files/tar_test.go +++ b/util/io/files/tar_test.go @@ -216,7 +216,7 @@ func TestUntgz(t *testing.T) { scriptFileInfo, err := os.Stat(path.Join(destDir, "script.sh")) require.NoError(t, err) - assert.Equal(t, os.FileMode(0755), scriptFileInfo.Mode()) + assert.Equal(t, os.FileMode(0644), scriptFileInfo.Mode()) }) } From 12a5a7a70d6e26eb373741850669b95fff51ebcb Mon Sep 17 00:00:00 2001 From: schakrad <58915923+schakrad@users.noreply.github.com> Date: Tue, 18 Jul 2023 13:07:44 -0700 Subject: [PATCH 025/105] fix(cli): argocd CLI RBAC validation doesn't work on actions (#13911) (#14578) * #11602 fix : Object options menu truncated when selected in ApplicationListView. Signed-off-by: schakradari * #11602 fix : Object options menu truncated when selected in ApplicationListView. Signed-off-by: schakradari * changes for argocd_rbac Signed-off-by: schakrad --------- Signed-off-by: schakradari Signed-off-by: schakrad Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- cmd/argocd/commands/admin/settings_rbac.go | 4 ++++ cmd/argocd/commands/admin/settings_rbac_test.go | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/cmd/argocd/commands/admin/settings_rbac.go b/cmd/argocd/commands/admin/settings_rbac.go index 6164aa910a6e4..8d94feeaad466 100644 --- a/cmd/argocd/commands/admin/settings_rbac.go +++ b/cmd/argocd/commands/admin/settings_rbac.go @@ -4,6 +4,7 @@ import ( "context" "fmt" "os" + "strings" log "github.com/sirupsen/logrus" "github.com/spf13/cobra" @@ -373,6 +374,9 @@ func resolveRBACResourceName(name string) string { // isValidRBACAction checks whether a given action is a valid RBAC action func isValidRBACAction(action string) bool { + if strings.HasPrefix(action, rbacpolicy.ActionAction+"/") { + return true + } _, ok := validRBACActions[action] return ok } diff --git a/cmd/argocd/commands/admin/settings_rbac_test.go b/cmd/argocd/commands/admin/settings_rbac_test.go index e53a5ed6da1f9..a4b4b437e114c 100644 --- a/cmd/argocd/commands/admin/settings_rbac_test.go +++ b/cmd/argocd/commands/admin/settings_rbac_test.go @@ -27,6 +27,11 @@ func Test_isValidRBACAction(t *testing.T) { }) } +func Test_isValidRBACAction_ActionAction(t *testing.T) { + ok := isValidRBACAction("action/apps/Deployment/restart") + assert.True(t, ok) +} + func Test_isValidRBACResource(t *testing.T) { for k := range validRBACResources { t.Run(k, func(t *testing.T) { From 6f5d5ca8101ebac827246679dd46eb3bbb4f8f0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lukas=20W=C3=B6hrl?= Date: Tue, 18 Jul 2023 22:34:16 +0200 Subject: [PATCH 026/105] fix(cli): allow argocd cli app command for multi source apps (#14256) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Lukas Wöhrl --- cmd/argocd/commands/app.go | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/cmd/argocd/commands/app.go b/cmd/argocd/commands/app.go index f45efb427053c..82af6f7e3b004 100644 --- a/cmd/argocd/commands/app.go +++ b/cmd/argocd/commands/app.go @@ -1661,8 +1661,15 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co errors.CheckError(err) if app.Spec.HasMultipleSources() { - log.Fatal("argocd cli does not work on multi-source app") - return + if revision != "" { + log.Fatal("argocd cli does not work on multi-source app with --revision flag") + return + } + + if local != "" { + log.Fatal("argocd cli does not work on multi-source app with --local flag") + return + } } // filters out only those resources that needs to be synced From 208852c4def4ab2fa6bdf2ceaa70e8bd1168d735 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Wed, 19 Jul 2023 09:22:28 -0400 Subject: [PATCH 027/105] fix(api): return 404 when the app is not found if a project is specified (#13393) (#13394) * fix(api): return 404 when the app is not found if a project is specified (#13393) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> simplify, respond 404 on project specified but doesn't match, always fetch app Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> handle project updates Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * handle new endpoint, fix bad merge Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * docs Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- assets/swagger.json | 117 ++ docs/developer-guide/api-docs.md | 17 +- pkg/apiclient/application/application.pb.go | 1371 ++++++++++++++++--- server/application/application.go | 130 +- server/application/application.proto | 25 +- server/application/application_test.go | 59 +- 6 files changed, 1491 insertions(+), 228 deletions(-) diff --git a/assets/swagger.json b/assets/swagger.json index f8a7b3208793d..38d98c3460b35 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -401,6 +401,11 @@ "type": "boolean", "name": "validate", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -462,6 +467,11 @@ "type": "string", "name": "appNamespace", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -523,6 +533,11 @@ "type": "string", "name": "appNamespace", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -649,6 +664,11 @@ "type": "string", "name": "appNamespace", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -737,6 +757,11 @@ "type": "string", "name": "appNamespace", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -773,6 +798,11 @@ "type": "string", "name": "namespace", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -885,6 +915,11 @@ "type": "string", "name": "appNamespace", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -935,6 +970,11 @@ "type": "string", "name": "appNamespace", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -971,6 +1011,11 @@ "type": "string", "name": "appNamespace", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -1084,6 +1129,11 @@ "type": "string", "name": "appNamespace", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -1154,6 +1204,11 @@ "type": "string", "name": "appNamespace", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -1226,6 +1281,11 @@ "type": "string", "name": "appNamespace", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -1295,6 +1355,11 @@ "type": "string", "name": "appNamespace", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -1356,6 +1421,11 @@ "type": "string", "name": "appNamespace", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -1423,6 +1493,11 @@ "type": "string", "name": "appNamespace", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -1484,6 +1559,11 @@ "type": "string", "name": "appNamespace", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -1529,6 +1609,11 @@ "description": "the application's namespace.", "name": "appNamespace", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -1574,6 +1659,11 @@ "description": "the application's namespace.", "name": "appNamespace", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -1662,6 +1752,11 @@ "type": "string", "name": "appNamespace", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -1737,6 +1832,11 @@ "type": "string", "name": "appNamespace", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -3833,6 +3933,11 @@ "type": "string", "name": "appNamespace", "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" } ], "responses": { @@ -3998,6 +4103,9 @@ }, "name": { "type": "string" + }, + "project": { + "type": "string" } } }, @@ -4027,6 +4135,9 @@ }, "patchType": { "type": "string" + }, + "project": { + "type": "string" } } }, @@ -4057,6 +4168,9 @@ "name": { "type": "string" }, + "project": { + "type": "string" + }, "prune": { "type": "boolean" } @@ -4087,6 +4201,9 @@ "name": { "type": "string" }, + "project": { + "type": "string" + }, "prune": { "type": "boolean" }, diff --git a/docs/developer-guide/api-docs.md b/docs/developer-guide/api-docs.md index 7b4b44bf9269e..289e4d466652e 100644 --- a/docs/developer-guide/api-docs.md +++ b/docs/developer-guide/api-docs.md @@ -1,6 +1,6 @@ # API Docs -You can find the Swagger docs by setting the path to `/swagger-ui` in your Argo CD UI's. E.g. [http://localhost:8080/swagger-ui](http://localhost:8080/swagger-ui). +You can find the Swagger docs by setting the path to `/swagger-ui` in your Argo CD UI. E.g. [http://localhost:8080/swagger-ui](http://localhost:8080/swagger-ui). ## Authorization @@ -17,4 +17,17 @@ Then pass using the HTTP `Authorization` header, prefixing with `Bearer `: $ curl $ARGOCD_SERVER/api/v1/applications -H "Authorization: Bearer $ARGOCD_TOKEN" {"metadata":{"selfLink":"/apis/argoproj.io/v1alpha1/namespaces/argocd/applications","resourceVersion":"37755"},"items":...} ``` - + +## Services + +### Applications API + +#### How to Avoid 403 Errors for Missing Applications + +All endpoints of the Applications API accept an optional `project` query string parameter. If the parameter is +specified, and the specified Application does not exist, or if the Application does exist but is not in the given +project, the API will return a `404` error. + +If the `project` query string parameter is specified, and the Application does not exist, the API will return a `403` +error. This is to prevent leaking information about the existence of Applications to users who do not have access to +them. diff --git a/pkg/apiclient/application/application.pb.go b/pkg/apiclient/application/application.pb.go index 0035796551791..8fd016ee36f68 100644 --- a/pkg/apiclient/application/application.pb.go +++ b/pkg/apiclient/application/application.pb.go @@ -36,7 +36,11 @@ var _ = math.Inf // proto package needs to be updated. const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package -// ApplicationQuery is a query for application resources +// ApplicationQuery is a query for application resources. When getting multiple applications, the "projects" field acts +// as a filter. When getting a single application, you may specify either zero or one project. If you specify zero +// projects, the application will be returned regardless of which project it belongs to (assuming you have access). If +// you specify one project, the application will only be returned if it exists and belongs to the specified project. +// Otherwise you will receive a 404. type ApplicationQuery struct { // the application's name Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` @@ -211,6 +215,7 @@ type RevisionMetadataQuery struct { Revision *string `protobuf:"bytes,2,req,name=revision" json:"revision,omitempty"` // the application's namespace AppNamespace *string `protobuf:"bytes,3,opt,name=appNamespace" json:"appNamespace,omitempty"` + Project *string `protobuf:"bytes,4,opt,name=project" json:"project,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -270,6 +275,13 @@ func (m *RevisionMetadataQuery) GetAppNamespace() string { return "" } +func (m *RevisionMetadataQuery) GetProject() string { + if m != nil && m.Project != nil { + return *m.Project + } + return "" +} + // ApplicationEventsQuery is a query for application resource events type ApplicationResourceEventsQuery struct { Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` @@ -277,6 +289,7 @@ type ApplicationResourceEventsQuery struct { ResourceName *string `protobuf:"bytes,3,opt,name=resourceName" json:"resourceName,omitempty"` ResourceUID *string `protobuf:"bytes,4,opt,name=resourceUID" json:"resourceUID,omitempty"` AppNamespace *string `protobuf:"bytes,5,opt,name=appNamespace" json:"appNamespace,omitempty"` + Project *string `protobuf:"bytes,6,opt,name=project" json:"project,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -350,11 +363,19 @@ func (m *ApplicationResourceEventsQuery) GetAppNamespace() string { return "" } +func (m *ApplicationResourceEventsQuery) GetProject() string { + if m != nil && m.Project != nil { + return *m.Project + } + return "" +} + // ManifestQuery is a query for manifest resources type ApplicationManifestQuery struct { Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` Revision *string `protobuf:"bytes,2,opt,name=revision" json:"revision,omitempty"` AppNamespace *string `protobuf:"bytes,3,opt,name=appNamespace" json:"appNamespace,omitempty"` + Project *string `protobuf:"bytes,4,opt,name=project" json:"project,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -414,6 +435,13 @@ func (m *ApplicationManifestQuery) GetAppNamespace() string { return "" } +func (m *ApplicationManifestQuery) GetProject() string { + if m != nil && m.Project != nil { + return *m.Project + } + return "" +} + type FileChunk struct { Chunk []byte `protobuf:"bytes,1,req,name=chunk" json:"chunk,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` @@ -465,6 +493,7 @@ type ApplicationManifestQueryWithFiles struct { Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` Checksum *string `protobuf:"bytes,2,req,name=checksum" json:"checksum,omitempty"` AppNamespace *string `protobuf:"bytes,3,opt,name=appNamespace" json:"appNamespace,omitempty"` + Project *string `protobuf:"bytes,4,opt,name=project" json:"project,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -524,6 +553,13 @@ func (m *ApplicationManifestQueryWithFiles) GetAppNamespace() string { return "" } +func (m *ApplicationManifestQueryWithFiles) GetProject() string { + if m != nil && m.Project != nil { + return *m.Project + } + return "" +} + type ApplicationManifestQueryWithFilesWrapper struct { // Types that are valid to be assigned to Part: // *ApplicationManifestQueryWithFilesWrapper_Query @@ -721,6 +757,7 @@ func (m *ApplicationCreateRequest) GetValidate() bool { type ApplicationUpdateRequest struct { Application *v1alpha1.Application `protobuf:"bytes,1,req,name=application" json:"application,omitempty"` Validate *bool `protobuf:"varint,2,opt,name=validate" json:"validate,omitempty"` + Project *string `protobuf:"bytes,3,opt,name=project" json:"project,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -773,11 +810,19 @@ func (m *ApplicationUpdateRequest) GetValidate() bool { return false } +func (m *ApplicationUpdateRequest) GetProject() string { + if m != nil && m.Project != nil { + return *m.Project + } + return "" +} + type ApplicationDeleteRequest struct { Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` Cascade *bool `protobuf:"varint,2,opt,name=cascade" json:"cascade,omitempty"` PropagationPolicy *string `protobuf:"bytes,3,opt,name=propagationPolicy" json:"propagationPolicy,omitempty"` AppNamespace *string `protobuf:"bytes,4,opt,name=appNamespace" json:"appNamespace,omitempty"` + Project *string `protobuf:"bytes,5,opt,name=project" json:"project,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -844,6 +889,13 @@ func (m *ApplicationDeleteRequest) GetAppNamespace() string { return "" } +func (m *ApplicationDeleteRequest) GetProject() string { + if m != nil && m.Project != nil { + return *m.Project + } + return "" +} + type SyncOptions struct { Items []string `protobuf:"bytes,1,rep,name=items" json:"items,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` @@ -904,6 +956,7 @@ type ApplicationSyncRequest struct { RetryStrategy *v1alpha1.RetryStrategy `protobuf:"bytes,10,opt,name=retryStrategy" json:"retryStrategy,omitempty"` SyncOptions *SyncOptions `protobuf:"bytes,11,opt,name=syncOptions" json:"syncOptions,omitempty"` AppNamespace *string `protobuf:"bytes,12,opt,name=appNamespace" json:"appNamespace,omitempty"` + Project *string `protobuf:"bytes,13,opt,name=project" json:"project,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -1019,12 +1072,20 @@ func (m *ApplicationSyncRequest) GetAppNamespace() string { return "" } +func (m *ApplicationSyncRequest) GetProject() string { + if m != nil && m.Project != nil { + return *m.Project + } + return "" +} + // ApplicationUpdateSpecRequest is a request to update application spec type ApplicationUpdateSpecRequest struct { Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` Spec *v1alpha1.ApplicationSpec `protobuf:"bytes,2,req,name=spec" json:"spec,omitempty"` Validate *bool `protobuf:"varint,3,opt,name=validate" json:"validate,omitempty"` AppNamespace *string `protobuf:"bytes,4,opt,name=appNamespace" json:"appNamespace,omitempty"` + Project *string `protobuf:"bytes,5,opt,name=project" json:"project,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -1091,12 +1152,20 @@ func (m *ApplicationUpdateSpecRequest) GetAppNamespace() string { return "" } +func (m *ApplicationUpdateSpecRequest) GetProject() string { + if m != nil && m.Project != nil { + return *m.Project + } + return "" +} + // ApplicationPatchRequest is a request to patch an application type ApplicationPatchRequest struct { Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` Patch *string `protobuf:"bytes,2,req,name=patch" json:"patch,omitempty"` PatchType *string `protobuf:"bytes,3,req,name=patchType" json:"patchType,omitempty"` AppNamespace *string `protobuf:"bytes,5,opt,name=appNamespace" json:"appNamespace,omitempty"` + Project *string `protobuf:"bytes,6,opt,name=project" json:"project,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -1163,12 +1232,20 @@ func (m *ApplicationPatchRequest) GetAppNamespace() string { return "" } +func (m *ApplicationPatchRequest) GetProject() string { + if m != nil && m.Project != nil { + return *m.Project + } + return "" +} + type ApplicationRollbackRequest struct { Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` Id *int64 `protobuf:"varint,2,req,name=id" json:"id,omitempty"` DryRun *bool `protobuf:"varint,3,opt,name=dryRun" json:"dryRun,omitempty"` Prune *bool `protobuf:"varint,4,opt,name=prune" json:"prune,omitempty"` AppNamespace *string `protobuf:"bytes,6,opt,name=appNamespace" json:"appNamespace,omitempty"` + Project *string `protobuf:"bytes,7,opt,name=project" json:"project,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -1242,6 +1319,13 @@ func (m *ApplicationRollbackRequest) GetAppNamespace() string { return "" } +func (m *ApplicationRollbackRequest) GetProject() string { + if m != nil && m.Project != nil { + return *m.Project + } + return "" +} + type ApplicationResourceRequest struct { Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` Namespace *string `protobuf:"bytes,2,opt,name=namespace" json:"namespace,omitempty"` @@ -1250,6 +1334,7 @@ type ApplicationResourceRequest struct { Group *string `protobuf:"bytes,5,opt,name=group" json:"group,omitempty"` Kind *string `protobuf:"bytes,6,req,name=kind" json:"kind,omitempty"` AppNamespace *string `protobuf:"bytes,7,opt,name=appNamespace" json:"appNamespace,omitempty"` + Project *string `protobuf:"bytes,8,opt,name=project" json:"project,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -1337,6 +1422,13 @@ func (m *ApplicationResourceRequest) GetAppNamespace() string { return "" } +func (m *ApplicationResourceRequest) GetProject() string { + if m != nil && m.Project != nil { + return *m.Project + } + return "" +} + type ApplicationResourcePatchRequest struct { Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` Namespace *string `protobuf:"bytes,2,opt,name=namespace" json:"namespace,omitempty"` @@ -1347,6 +1439,7 @@ type ApplicationResourcePatchRequest struct { Patch *string `protobuf:"bytes,7,req,name=patch" json:"patch,omitempty"` PatchType *string `protobuf:"bytes,8,req,name=patchType" json:"patchType,omitempty"` AppNamespace *string `protobuf:"bytes,9,opt,name=appNamespace" json:"appNamespace,omitempty"` + Project *string `protobuf:"bytes,10,opt,name=project" json:"project,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -1448,6 +1541,13 @@ func (m *ApplicationResourcePatchRequest) GetAppNamespace() string { return "" } +func (m *ApplicationResourcePatchRequest) GetProject() string { + if m != nil && m.Project != nil { + return *m.Project + } + return "" +} + type ApplicationResourceDeleteRequest struct { Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` Namespace *string `protobuf:"bytes,2,opt,name=namespace" json:"namespace,omitempty"` @@ -1458,6 +1558,7 @@ type ApplicationResourceDeleteRequest struct { Force *bool `protobuf:"varint,7,opt,name=force" json:"force,omitempty"` Orphan *bool `protobuf:"varint,8,opt,name=orphan" json:"orphan,omitempty"` AppNamespace *string `protobuf:"bytes,9,opt,name=appNamespace" json:"appNamespace,omitempty"` + Project *string `protobuf:"bytes,10,opt,name=project" json:"project,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -1559,6 +1660,13 @@ func (m *ApplicationResourceDeleteRequest) GetAppNamespace() string { return "" } +func (m *ApplicationResourceDeleteRequest) GetProject() string { + if m != nil && m.Project != nil { + return *m.Project + } + return "" +} + type ResourceActionRunRequest struct { Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` Namespace *string `protobuf:"bytes,2,opt,name=namespace" json:"namespace,omitempty"` @@ -1568,6 +1676,7 @@ type ResourceActionRunRequest struct { Kind *string `protobuf:"bytes,6,req,name=kind" json:"kind,omitempty"` Action *string `protobuf:"bytes,7,req,name=action" json:"action,omitempty"` AppNamespace *string `protobuf:"bytes,8,opt,name=appNamespace" json:"appNamespace,omitempty"` + Project *string `protobuf:"bytes,9,opt,name=project" json:"project,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -1662,6 +1771,13 @@ func (m *ResourceActionRunRequest) GetAppNamespace() string { return "" } +func (m *ResourceActionRunRequest) GetProject() string { + if m != nil && m.Project != nil { + return *m.Project + } + return "" +} + type ResourceActionsListResponse struct { Actions []*v1alpha1.ResourceAction `protobuf:"bytes,1,rep,name=actions" json:"actions,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` @@ -1772,6 +1888,7 @@ type ApplicationPodLogsQuery struct { ResourceName *string `protobuf:"bytes,13,opt,name=resourceName" json:"resourceName,omitempty"` Previous *bool `protobuf:"varint,14,opt,name=previous" json:"previous,omitempty"` AppNamespace *string `protobuf:"bytes,15,opt,name=appNamespace" json:"appNamespace,omitempty"` + Project *string `protobuf:"bytes,16,opt,name=project" json:"project,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -1915,6 +2032,13 @@ func (m *ApplicationPodLogsQuery) GetAppNamespace() string { return "" } +func (m *ApplicationPodLogsQuery) GetProject() string { + if m != nil && m.Project != nil { + return *m.Project + } + return "" +} + type LogEntry struct { Content *string `protobuf:"bytes,1,req,name=content" json:"content,omitempty"` // deprecated in favor of timeStampStr since meta.v1.Time don't support nano time @@ -1998,6 +2122,7 @@ func (m *LogEntry) GetPodName() string { type OperationTerminateRequest struct { Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` AppNamespace *string `protobuf:"bytes,2,opt,name=appNamespace" json:"appNamespace,omitempty"` + Project *string `protobuf:"bytes,3,opt,name=project" json:"project,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -2050,9 +2175,17 @@ func (m *OperationTerminateRequest) GetAppNamespace() string { return "" } +func (m *OperationTerminateRequest) GetProject() string { + if m != nil && m.Project != nil { + return *m.Project + } + return "" +} + type ApplicationSyncWindowsQuery struct { Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` AppNamespace *string `protobuf:"bytes,2,opt,name=appNamespace" json:"appNamespace,omitempty"` + Project *string `protobuf:"bytes,3,opt,name=project" json:"project,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -2105,6 +2238,13 @@ func (m *ApplicationSyncWindowsQuery) GetAppNamespace() string { return "" } +func (m *ApplicationSyncWindowsQuery) GetProject() string { + if m != nil && m.Project != nil { + return *m.Project + } + return "" +} + type ApplicationSyncWindowsResponse struct { ActiveWindows []*ApplicationSyncWindow `protobuf:"bytes,1,rep,name=activeWindows" json:"activeWindows,omitempty"` AssignedWindows []*ApplicationSyncWindow `protobuf:"bytes,2,rep,name=assignedWindows" json:"assignedWindows,omitempty"` @@ -2286,6 +2426,7 @@ type ResourcesQuery struct { Group *string `protobuf:"bytes,5,opt,name=group" json:"group,omitempty"` Kind *string `protobuf:"bytes,6,opt,name=kind" json:"kind,omitempty"` AppNamespace *string `protobuf:"bytes,7,opt,name=appNamespace" json:"appNamespace,omitempty"` + Project *string `protobuf:"bytes,8,opt,name=project" json:"project,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -2373,6 +2514,13 @@ func (m *ResourcesQuery) GetAppNamespace() string { return "" } +func (m *ResourcesQuery) GetProject() string { + if m != nil && m.Project != nil { + return *m.Project + } + return "" +} + type ManagedResourcesResponse struct { Items []*v1alpha1.ResourceDiff `protobuf:"bytes,1,rep,name=items" json:"items,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` @@ -2541,6 +2689,7 @@ func (m *LinksResponse) GetItems() []*LinkInfo { type ListAppLinksRequest struct { Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` Namespace *string `protobuf:"bytes,3,opt,name=namespace" json:"namespace,omitempty"` + Project *string `protobuf:"bytes,4,opt,name=project" json:"project,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -2593,6 +2742,13 @@ func (m *ListAppLinksRequest) GetNamespace() string { return "" } +func (m *ListAppLinksRequest) GetProject() string { + if m != nil && m.Project != nil { + return *m.Project + } + return "" +} + func init() { proto.RegisterType((*ApplicationQuery)(nil), "application.ApplicationQuery") proto.RegisterType((*NodeQuery)(nil), "application.NodeQuery") @@ -2636,172 +2792,175 @@ func init() { } var fileDescriptor_df6e82b174b5eaec = []byte{ - // 2630 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x5a, 0xcb, 0x8f, 0x1c, 0x49, - 0xd1, 0xff, 0xb2, 0xe7, 0xd5, 0x1d, 0x3d, 0x7e, 0xe5, 0xda, 0xf3, 0xd5, 0xb6, 0xc7, 0x66, 0x5c, - 0x7e, 0x8d, 0xc7, 0x9e, 0x6e, 0xbb, 0x31, 0xc8, 0x3b, 0xbb, 0x2b, 0xb0, 0xc7, 0x4f, 0x18, 0x7b, - 0x4d, 0x8d, 0x8d, 0xd1, 0x72, 0x80, 0xdc, 0xaa, 0x9c, 0x9e, 0x62, 0xaa, 0xab, 0xca, 0x55, 0xd5, - 0x6d, 0x8d, 0x8c, 0x2f, 0x8b, 0xb8, 0xad, 0x16, 0x69, 0x77, 0x0f, 0x68, 0xb5, 0x42, 0x68, 0x57, - 0x7b, 0xe1, 0xc2, 0x0d, 0x21, 0x71, 0x81, 0x0b, 0x02, 0x09, 0x24, 0xc4, 0xe3, 0x02, 0x17, 0x64, - 0x71, 0xe3, 0xc2, 0x81, 0x3f, 0x00, 0x65, 0x56, 0x66, 0x55, 0x56, 0x77, 0x75, 0x75, 0x0d, 0x33, - 0x68, 0x7d, 0xab, 0xc8, 0xce, 0x8c, 0xf8, 0x45, 0x64, 0x64, 0x44, 0x64, 0x64, 0xc3, 0xa9, 0x90, - 0x06, 0x7d, 0x1a, 0xb4, 0x88, 0xef, 0x3b, 0xb6, 0x49, 0x22, 0xdb, 0x73, 0xd5, 0xef, 0xa6, 0x1f, - 0x78, 0x91, 0x87, 0xeb, 0xca, 0x50, 0x63, 0xbe, 0xe3, 0x79, 0x1d, 0x87, 0xb6, 0x88, 0x6f, 0xb7, - 0x88, 0xeb, 0x7a, 0x11, 0x1f, 0x0e, 0xe3, 0xa9, 0x0d, 0x7d, 0xeb, 0x4a, 0xd8, 0xb4, 0x3d, 0xfe, - 0xab, 0xe9, 0x05, 0xb4, 0xd5, 0xbf, 0xd4, 0xea, 0x50, 0x97, 0x06, 0x24, 0xa2, 0x96, 0x98, 0x73, - 0x39, 0x9d, 0xd3, 0x25, 0xe6, 0xa6, 0xed, 0xd2, 0x60, 0xbb, 0xe5, 0x6f, 0x75, 0xd8, 0x40, 0xd8, - 0xea, 0xd2, 0x88, 0xe4, 0xad, 0x5a, 0xeb, 0xd8, 0xd1, 0x66, 0xef, 0xad, 0xa6, 0xe9, 0x75, 0x5b, - 0x24, 0xe8, 0x78, 0x7e, 0xe0, 0x7d, 0x87, 0x7f, 0x2c, 0x9b, 0x56, 0xab, 0xdf, 0x4e, 0x19, 0xa8, - 0xba, 0xf4, 0x2f, 0x11, 0xc7, 0xdf, 0x24, 0xc3, 0xdc, 0x6e, 0x8c, 0xe1, 0x16, 0x50, 0xdf, 0x13, - 0xb6, 0xe1, 0x9f, 0x76, 0xe4, 0x05, 0xdb, 0xca, 0x67, 0xcc, 0x46, 0xff, 0x37, 0x82, 0x83, 0x57, - 0x53, 0x79, 0x5f, 0xeb, 0xd1, 0x60, 0x1b, 0x63, 0x98, 0x74, 0x49, 0x97, 0x6a, 0x68, 0x01, 0x2d, - 0xd6, 0x0c, 0xfe, 0x8d, 0x35, 0x98, 0x09, 0xe8, 0x46, 0x40, 0xc3, 0x4d, 0xad, 0xc2, 0x87, 0x25, - 0x89, 0x1b, 0x50, 0x65, 0xc2, 0xa9, 0x19, 0x85, 0xda, 0xc4, 0xc2, 0xc4, 0x62, 0xcd, 0x48, 0x68, - 0xbc, 0x08, 0x07, 0x02, 0x1a, 0x7a, 0xbd, 0xc0, 0xa4, 0x5f, 0xa7, 0x41, 0x68, 0x7b, 0xae, 0x36, - 0xc9, 0x57, 0x0f, 0x0e, 0x33, 0x2e, 0x21, 0x75, 0xa8, 0x19, 0x79, 0x81, 0x36, 0xc5, 0xa7, 0x24, - 0x34, 0xc3, 0xc3, 0x80, 0x6b, 0xd3, 0x31, 0x1e, 0xf6, 0x8d, 0x75, 0x98, 0x25, 0xbe, 0x7f, 0x8f, - 0x74, 0x69, 0xe8, 0x13, 0x93, 0x6a, 0x33, 0xfc, 0xb7, 0xcc, 0x18, 0xc3, 0x2c, 0x90, 0x68, 0x55, - 0x0e, 0x4c, 0x92, 0xfa, 0x2a, 0xd4, 0xee, 0x79, 0x16, 0x1d, 0xad, 0xee, 0x20, 0xfb, 0xca, 0x30, - 0x7b, 0x7d, 0x0b, 0x8e, 0x18, 0xb4, 0x6f, 0x33, 0xf8, 0x77, 0x69, 0x44, 0x2c, 0x12, 0x91, 0x41, - 0x86, 0x95, 0x84, 0x61, 0x03, 0xaa, 0x81, 0x98, 0xac, 0x55, 0xf8, 0x78, 0x42, 0x0f, 0x09, 0x9b, - 0xc8, 0x11, 0xf6, 0x3b, 0x04, 0xc7, 0x95, 0x8d, 0x32, 0x84, 0xf9, 0x6e, 0xf4, 0xa9, 0x1b, 0x85, - 0xa3, 0xc5, 0x5e, 0x80, 0x43, 0xd2, 0xd2, 0x83, 0xca, 0x0c, 0xff, 0xc0, 0x80, 0xa8, 0x83, 0x12, - 0x88, 0x3a, 0x86, 0x17, 0xa0, 0x2e, 0xe9, 0x87, 0x77, 0xae, 0x8b, 0xed, 0x54, 0x87, 0x86, 0xd4, - 0x99, 0xca, 0x51, 0xc7, 0x05, 0x4d, 0xd1, 0xe6, 0x2e, 0x71, 0xed, 0x0d, 0x1a, 0x46, 0x65, 0xcd, - 0x87, 0x76, 0x6c, 0xbe, 0x13, 0x50, 0xbb, 0x69, 0x3b, 0x74, 0x75, 0xb3, 0xe7, 0x6e, 0xe1, 0xc3, - 0x30, 0x65, 0xb2, 0x0f, 0x2e, 0x61, 0xd6, 0x88, 0x09, 0xfd, 0x09, 0x9c, 0x18, 0x05, 0xe9, 0x91, - 0x1d, 0x6d, 0xb2, 0xe5, 0xe1, 0x28, 0x6c, 0xe6, 0x26, 0x35, 0xb7, 0xc2, 0x5e, 0x57, 0x6e, 0xad, - 0xa4, 0x4b, 0x61, 0xfb, 0x09, 0x82, 0xc5, 0xb1, 0x92, 0x1f, 0x05, 0xc4, 0xf7, 0x69, 0x80, 0x6f, - 0xc2, 0xd4, 0x63, 0xf6, 0x03, 0xf7, 0xd6, 0x7a, 0xbb, 0xd9, 0x54, 0xa3, 0xdd, 0x58, 0x2e, 0xb7, - 0xff, 0xcf, 0x88, 0x97, 0xe3, 0xa6, 0xb4, 0x41, 0x85, 0xf3, 0x99, 0xcb, 0xf0, 0x49, 0x4c, 0xc5, - 0xe6, 0xf3, 0x69, 0xd7, 0xa6, 0x61, 0xd2, 0x27, 0x41, 0xa4, 0x1f, 0x81, 0x97, 0xb2, 0x6e, 0xe8, - 0x7b, 0x6e, 0x48, 0xf5, 0x5f, 0xa0, 0xcc, 0x86, 0xae, 0x06, 0x94, 0x44, 0xd4, 0xa0, 0x8f, 0x7b, - 0x34, 0x8c, 0xf0, 0x16, 0xa8, 0x01, 0x98, 0xdb, 0xae, 0xde, 0xbe, 0xd3, 0x4c, 0x23, 0x58, 0x53, - 0x46, 0x30, 0xfe, 0xf1, 0x2d, 0xd3, 0x6a, 0xf6, 0xdb, 0x4d, 0x7f, 0xab, 0xd3, 0x64, 0xf1, 0x30, - 0x83, 0x4c, 0xc6, 0x43, 0x55, 0x55, 0x43, 0xe5, 0x8e, 0xe7, 0x60, 0xba, 0xe7, 0x87, 0x34, 0x88, - 0xb8, 0x66, 0x55, 0x43, 0x50, 0x6c, 0x97, 0xfa, 0xc4, 0xb1, 0x2d, 0x12, 0xc5, 0xbb, 0x50, 0x35, - 0x12, 0x5a, 0xff, 0x24, 0x8b, 0xfe, 0xa1, 0x6f, 0x7d, 0x56, 0xe8, 0x55, 0x94, 0x95, 0x01, 0x94, - 0x1f, 0x66, 0x51, 0x5e, 0xa7, 0x0e, 0x4d, 0x51, 0xe6, 0x39, 0xa6, 0x06, 0x33, 0x26, 0x09, 0x4d, - 0x62, 0x49, 0x5e, 0x92, 0x64, 0x61, 0xc1, 0x0f, 0x3c, 0x9f, 0x74, 0x38, 0xa7, 0xfb, 0x9e, 0x63, - 0x9b, 0xdb, 0xc2, 0x37, 0x87, 0x7f, 0x18, 0x72, 0xe2, 0xc9, 0x1c, 0x27, 0x3e, 0x09, 0xf5, 0xf5, - 0x6d, 0xd7, 0x7c, 0xc3, 0xe7, 0xc9, 0x94, 0x1d, 0x31, 0x3b, 0xa2, 0xdd, 0x50, 0x43, 0x3c, 0xf0, - 0xc6, 0x84, 0xfe, 0xd1, 0x14, 0xcc, 0x29, 0x1a, 0xb0, 0x05, 0x45, 0xf8, 0x8b, 0x0e, 0xfd, 0x1c, - 0x4c, 0x5b, 0xc1, 0xb6, 0xd1, 0x73, 0xc5, 0x66, 0x0a, 0x8a, 0x09, 0xf6, 0x83, 0x9e, 0x1b, 0x83, - 0xac, 0x1a, 0x31, 0x81, 0x37, 0xa0, 0x1a, 0x46, 0x2c, 0x7d, 0x76, 0xb6, 0x79, 0x38, 0xaa, 0xb7, - 0xbf, 0xb2, 0xbb, 0x0d, 0x64, 0xd0, 0xd7, 0x05, 0x47, 0x23, 0xe1, 0x8d, 0x1f, 0x43, 0x4d, 0x46, - 0xc2, 0x50, 0x9b, 0x59, 0x98, 0x58, 0xac, 0xb7, 0xd7, 0x77, 0x2f, 0xe8, 0x0d, 0x9f, 0xa5, 0x7e, - 0x25, 0xea, 0x1b, 0xa9, 0x14, 0x3c, 0x0f, 0xb5, 0xae, 0x38, 0xeb, 0xa1, 0x48, 0x73, 0xe9, 0x00, - 0xfe, 0x06, 0x4c, 0xd9, 0xee, 0x86, 0x17, 0x6a, 0x35, 0x0e, 0xe6, 0xda, 0xee, 0xc0, 0xdc, 0x71, - 0x37, 0x3c, 0x23, 0x66, 0x88, 0x1f, 0xc3, 0xbe, 0x80, 0x46, 0xc1, 0xb6, 0xb4, 0x82, 0x06, 0xdc, - 0xae, 0x5f, 0xdd, 0x9d, 0x04, 0x43, 0x65, 0x69, 0x64, 0x25, 0xe0, 0x15, 0xa8, 0x87, 0xa9, 0x8f, - 0x69, 0x75, 0x2e, 0x50, 0xcb, 0x30, 0x52, 0x7c, 0xd0, 0x50, 0x27, 0x0f, 0xf9, 0xf0, 0x6c, 0x8e, - 0x0f, 0xff, 0x05, 0xc1, 0xfc, 0x50, 0x18, 0x58, 0xf7, 0x69, 0xa1, 0x93, 0x12, 0x98, 0x0c, 0x7d, - 0x6a, 0xf2, 0xc8, 0x5f, 0x6f, 0xdf, 0xdd, 0xb3, 0xb8, 0xc0, 0xe5, 0x72, 0xd6, 0x45, 0xa1, 0xab, - 0xd4, 0xd9, 0xfc, 0x3e, 0x82, 0xff, 0x57, 0x38, 0xdf, 0x27, 0x91, 0xb9, 0x59, 0xa4, 0x12, 0x3b, - 0x43, 0x6c, 0x8e, 0xc8, 0x66, 0x31, 0xc1, 0x1c, 0x8d, 0x7f, 0x3c, 0xd8, 0xf6, 0x19, 0x0c, 0xf6, - 0x4b, 0x3a, 0x50, 0x2a, 0xe9, 0xbf, 0x87, 0xa0, 0xa1, 0x46, 0x3e, 0xcf, 0x71, 0xde, 0x22, 0xe6, - 0x56, 0x11, 0x94, 0xfd, 0x50, 0xb1, 0x2d, 0x8e, 0x63, 0xc2, 0xa8, 0xd8, 0xd6, 0x0e, 0x8f, 0xfd, - 0x20, 0xa8, 0xe9, 0x1c, 0x50, 0x7f, 0x1d, 0x00, 0x25, 0x8f, 0x58, 0x01, 0xa8, 0x79, 0xa8, 0xb9, - 0x03, 0xc5, 0x54, 0x3a, 0x90, 0x53, 0x44, 0x55, 0x86, 0x8a, 0x28, 0x0d, 0x66, 0xfa, 0x49, 0x3d, - 0xcc, 0x7e, 0x96, 0x24, 0x53, 0xa4, 0x13, 0x78, 0x3d, 0x5f, 0x18, 0x30, 0x26, 0x18, 0x8a, 0x2d, - 0xdb, 0xb5, 0xb4, 0xe9, 0x18, 0x05, 0xfb, 0x2e, 0x53, 0x01, 0xeb, 0xef, 0x57, 0xe0, 0x73, 0x39, - 0xca, 0x8d, 0xf5, 0x80, 0x17, 0x43, 0xc3, 0xc4, 0x0f, 0x67, 0x46, 0xfa, 0x61, 0x75, 0x9c, 0x1f, - 0xd6, 0x72, 0xac, 0xf2, 0x6e, 0x05, 0x16, 0x72, 0xac, 0x32, 0x3e, 0xa1, 0xbe, 0x30, 0x66, 0xd9, - 0xf0, 0x02, 0xb1, 0xe3, 0x55, 0x23, 0x26, 0xd8, 0xc9, 0xf0, 0x02, 0x7f, 0x93, 0xb8, 0x5a, 0x35, - 0x3e, 0x19, 0x31, 0x55, 0xca, 0x20, 0xff, 0x42, 0xa0, 0x49, 0x2b, 0x5c, 0x35, 0xb9, 0x4d, 0x7a, - 0xee, 0x8b, 0x6f, 0x88, 0x39, 0x98, 0x26, 0x1c, 0xad, 0x70, 0x10, 0x41, 0x0d, 0xa9, 0x5c, 0xcd, - 0x8f, 0x89, 0x47, 0xb3, 0x2a, 0x87, 0x6b, 0x76, 0x18, 0xc9, 0x82, 0x16, 0x6f, 0xc0, 0x4c, 0xcc, - 0x2d, 0x2e, 0x61, 0xea, 0xed, 0xb5, 0xdd, 0x26, 0xb6, 0x8c, 0x79, 0x25, 0x73, 0xfd, 0x15, 0x38, - 0x9a, 0x1b, 0x7d, 0x04, 0x8c, 0x06, 0x54, 0x65, 0x32, 0x17, 0x1b, 0x90, 0xd0, 0xfa, 0x3f, 0x27, - 0xb2, 0x61, 0xdd, 0xb3, 0xd6, 0xbc, 0x4e, 0xc1, 0x5d, 0xb0, 0x78, 0xd3, 0xd8, 0x65, 0xd9, 0xb3, - 0x94, 0x6b, 0x9f, 0x24, 0xd9, 0x3a, 0xd3, 0x73, 0x23, 0x62, 0xbb, 0x34, 0x10, 0xf9, 0x25, 0x1d, - 0x60, 0xc6, 0x0e, 0x6d, 0xd7, 0xa4, 0xeb, 0xd4, 0xf4, 0x5c, 0x2b, 0xe4, 0xbb, 0x36, 0x61, 0x64, - 0xc6, 0xf0, 0x6d, 0xa8, 0x71, 0xfa, 0x81, 0xdd, 0x8d, 0x83, 0x70, 0xbd, 0xbd, 0xd4, 0x8c, 0x9b, - 0x28, 0x4d, 0xb5, 0x89, 0x92, 0xda, 0xb0, 0x4b, 0x23, 0xd2, 0xec, 0x5f, 0x6a, 0xb2, 0x15, 0x46, - 0xba, 0x98, 0x61, 0x89, 0x88, 0xed, 0xac, 0xd9, 0x2e, 0x2f, 0xb0, 0x98, 0xa8, 0x74, 0x80, 0x39, - 0xc4, 0x86, 0xe7, 0x38, 0xde, 0x13, 0x79, 0x06, 0x62, 0x8a, 0xad, 0xea, 0xb9, 0x91, 0xed, 0x70, - 0xf9, 0xf1, 0x01, 0x48, 0x07, 0xf8, 0x2a, 0xdb, 0x89, 0x68, 0xc0, 0x4b, 0x98, 0x9a, 0x21, 0xa8, - 0xc4, 0xe5, 0xea, 0x71, 0x5f, 0x40, 0x9e, 0xbd, 0xd8, 0x39, 0x67, 0x55, 0xe7, 0x1c, 0x74, 0xf8, - 0x7d, 0x39, 0xf7, 0x66, 0xde, 0x26, 0xa1, 0x7d, 0xdb, 0xeb, 0x85, 0xda, 0xfe, 0x38, 0x89, 0x4b, - 0x7a, 0xc8, 0x61, 0x0f, 0xe4, 0x38, 0xec, 0x2f, 0x11, 0x54, 0xd7, 0xbc, 0xce, 0x0d, 0x37, 0x0a, - 0xb6, 0x79, 0x65, 0xef, 0xb9, 0x11, 0x75, 0xa5, 0x57, 0x48, 0x92, 0x99, 0x3a, 0xb2, 0xbb, 0x74, - 0x3d, 0x22, 0x5d, 0x5f, 0xd4, 0x24, 0x3b, 0x32, 0x75, 0xb2, 0x98, 0xa9, 0xef, 0x90, 0x30, 0xe2, - 0xa7, 0xb7, 0x6a, 0xf0, 0x6f, 0x06, 0x34, 0x99, 0xb0, 0x1e, 0x05, 0xe2, 0xe8, 0x66, 0xc6, 0x54, - 0x47, 0x9a, 0x8a, 0xb1, 0x09, 0x52, 0x5f, 0x87, 0x97, 0x93, 0x52, 0xf6, 0x01, 0x0d, 0xba, 0xb6, - 0x4b, 0x8a, 0xe3, 0x6d, 0x99, 0x2e, 0xcc, 0xc3, 0xcc, 0x01, 0x62, 0xf5, 0xdf, 0x23, 0xdb, 0xb5, - 0xbc, 0x27, 0x05, 0x07, 0xa1, 0x0c, 0xdb, 0x3f, 0x66, 0xfb, 0x2d, 0x0a, 0xdf, 0xe4, 0x6c, 0xde, - 0x86, 0x7d, 0xec, 0x14, 0xf7, 0xa9, 0xf8, 0x41, 0x04, 0x0a, 0x7d, 0xd4, 0x95, 0x3c, 0xe5, 0x61, - 0x64, 0x17, 0xe2, 0x35, 0x38, 0x40, 0xc2, 0xd0, 0xee, 0xb8, 0xd4, 0x92, 0xbc, 0x2a, 0xa5, 0x79, - 0x0d, 0x2e, 0x8d, 0xaf, 0x7d, 0x7c, 0x86, 0xd8, 0x3b, 0x49, 0xea, 0xdf, 0x43, 0x70, 0x24, 0x97, - 0x49, 0xe2, 0xeb, 0x48, 0x09, 0xaf, 0x0d, 0xa8, 0x86, 0xe6, 0x26, 0xb5, 0x7a, 0x0e, 0x95, 0x7d, - 0x0d, 0x49, 0xb3, 0xdf, 0xac, 0x5e, 0xbc, 0x93, 0x22, 0xbc, 0x27, 0x34, 0x3e, 0x0e, 0xd0, 0x25, - 0x6e, 0x8f, 0x38, 0x1c, 0xc2, 0x24, 0x87, 0xa0, 0x8c, 0xe8, 0xf3, 0xd0, 0xc8, 0x73, 0x03, 0xd1, - 0x49, 0xf8, 0x33, 0x82, 0xfd, 0x32, 0x0c, 0x8a, 0x3d, 0x5c, 0x84, 0x03, 0x8a, 0x19, 0xee, 0xa5, - 0xdb, 0x39, 0x38, 0x3c, 0x26, 0xc4, 0x49, 0x5f, 0x98, 0xc8, 0xf6, 0x35, 0xfb, 0x99, 0xce, 0x64, - 0xe9, 0x3c, 0x84, 0x76, 0x54, 0x89, 0x7d, 0x17, 0xb4, 0xbb, 0xc4, 0x25, 0x1d, 0x6a, 0x25, 0xca, - 0x25, 0x8e, 0xf4, 0x6d, 0xf5, 0xb2, 0xbc, 0xeb, 0xab, 0x69, 0x52, 0xce, 0xd8, 0x1b, 0x1b, 0xf2, - 0xe2, 0x1d, 0x40, 0x75, 0xcd, 0x76, 0xb7, 0xd8, 0xfd, 0x8d, 0xe9, 0x15, 0xd9, 0x91, 0x23, 0x6d, - 0x18, 0x13, 0xf8, 0x20, 0x4c, 0xf4, 0x02, 0x47, 0xec, 0x33, 0xfb, 0xc4, 0x0b, 0x50, 0xb7, 0x68, - 0x68, 0x06, 0xb6, 0x2f, 0x76, 0x99, 0x37, 0xfa, 0x94, 0x21, 0x66, 0x6d, 0xdb, 0xf4, 0xdc, 0x55, - 0x87, 0x84, 0xa1, 0x4c, 0x0c, 0xc9, 0x80, 0xfe, 0x1a, 0xec, 0x63, 0x32, 0x53, 0x35, 0xcf, 0x67, - 0xd5, 0x3c, 0x92, 0x81, 0x2f, 0xe1, 0x49, 0xc4, 0xb7, 0xe0, 0x25, 0x96, 0x8f, 0xaf, 0xfa, 0xbe, - 0x60, 0x52, 0xb2, 0x18, 0x99, 0x18, 0xd8, 0xf4, 0xf6, 0xdf, 0x4e, 0x02, 0x56, 0x7d, 0x9e, 0x06, - 0x7d, 0xdb, 0xa4, 0xf8, 0x3d, 0x04, 0x93, 0x4c, 0x00, 0x3e, 0x36, 0xea, 0x88, 0x71, 0xdf, 0x6b, - 0xec, 0xdd, 0x85, 0x8e, 0x49, 0xd3, 0xe7, 0xdf, 0xfe, 0xd3, 0x3f, 0xde, 0xaf, 0xcc, 0xe1, 0xc3, - 0xfc, 0x81, 0xa1, 0x7f, 0x49, 0x6d, 0xf6, 0x87, 0xf8, 0x1d, 0x04, 0x58, 0x54, 0x21, 0x4a, 0x77, - 0x17, 0x9f, 0x1f, 0x05, 0x31, 0xa7, 0x0b, 0xdc, 0x38, 0xa6, 0x44, 0xfb, 0xa6, 0xe9, 0x05, 0x94, - 0xc5, 0x76, 0x3e, 0x81, 0x03, 0x58, 0xe2, 0x00, 0x4e, 0x61, 0x3d, 0x0f, 0x40, 0xeb, 0x29, 0xb3, - 0xdb, 0xb3, 0x16, 0x8d, 0xe5, 0x7e, 0x8c, 0x60, 0xea, 0x11, 0xaf, 0xb9, 0xc7, 0x18, 0x69, 0x7d, - 0xcf, 0x8c, 0xc4, 0xc5, 0x71, 0xb4, 0xfa, 0x49, 0x8e, 0xf4, 0x18, 0x3e, 0x2a, 0x91, 0x86, 0x51, - 0x40, 0x49, 0x37, 0x03, 0xf8, 0x22, 0xc2, 0x9f, 0x22, 0x98, 0x8e, 0xdb, 0x8d, 0xf8, 0xf4, 0x28, - 0x94, 0x99, 0x76, 0x64, 0x63, 0xef, 0x7a, 0x77, 0xfa, 0x39, 0x8e, 0xf1, 0xa4, 0x9e, 0xbb, 0x9d, - 0x2b, 0x99, 0xce, 0xde, 0x07, 0x08, 0x26, 0x6e, 0xd1, 0xb1, 0xfe, 0xb6, 0x87, 0xe0, 0x86, 0x0c, - 0x98, 0xb3, 0xd5, 0xf8, 0x13, 0x04, 0x2f, 0xdf, 0xa2, 0x51, 0x7e, 0xaa, 0xc3, 0x8b, 0xe3, 0xf3, - 0x8f, 0x70, 0xbb, 0xf3, 0x25, 0x66, 0x26, 0x31, 0xbe, 0xc5, 0x91, 0x9d, 0xc3, 0x67, 0x8b, 0x9c, - 0x30, 0xdc, 0x76, 0xcd, 0x27, 0x02, 0xc7, 0x6f, 0x11, 0x1c, 0x1c, 0x7c, 0x6b, 0xc1, 0xd9, 0xe4, - 0x98, 0xfb, 0x14, 0xd3, 0xb8, 0xb7, 0xdb, 0x58, 0x9a, 0x65, 0xaa, 0x5f, 0xe5, 0xc8, 0x5f, 0xc5, - 0xaf, 0x14, 0x21, 0x97, 0x4d, 0xca, 0xb0, 0xf5, 0x54, 0x7e, 0x3e, 0xe3, 0xcf, 0x82, 0x1c, 0xf6, - 0xef, 0x11, 0x1c, 0x96, 0x7c, 0x57, 0x37, 0x49, 0x10, 0x5d, 0xa7, 0xac, 0x82, 0x0d, 0x4b, 0xe9, - 0xb3, 0xcb, 0xdc, 0xa0, 0xca, 0xd3, 0x6f, 0x70, 0x5d, 0xbe, 0x84, 0x5f, 0xdf, 0xb1, 0x2e, 0x26, - 0x63, 0x63, 0x09, 0xd8, 0x6f, 0x23, 0x98, 0xbd, 0x45, 0xa3, 0xbb, 0x49, 0xcf, 0xf1, 0x74, 0xa9, - 0x37, 0x89, 0xc6, 0x7c, 0x53, 0x79, 0x8d, 0x94, 0x3f, 0x25, 0x2e, 0xb2, 0xcc, 0xc1, 0x9d, 0xc5, - 0xa7, 0x8b, 0xc0, 0xa5, 0x7d, 0xce, 0x8f, 0x11, 0x1c, 0x51, 0x41, 0xa4, 0x2f, 0x36, 0x5f, 0xd8, - 0xd9, 0x0b, 0x89, 0x78, 0x67, 0x19, 0x83, 0xae, 0xcd, 0xd1, 0x5d, 0xd0, 0xf3, 0x1d, 0xb8, 0x3b, - 0x84, 0x62, 0x05, 0x2d, 0x2d, 0x22, 0xfc, 0x2b, 0x04, 0xd3, 0x71, 0x53, 0x71, 0xb4, 0x8d, 0x32, - 0x6f, 0x0f, 0x7b, 0x19, 0x0d, 0xc4, 0x6e, 0x37, 0x2e, 0xe6, 0x1b, 0x54, 0x5d, 0x2f, 0x5d, 0xb5, - 0xc9, 0xad, 0x9c, 0x0d, 0x63, 0x3f, 0x43, 0x00, 0x69, 0x63, 0x14, 0x9f, 0x2b, 0xd6, 0x43, 0x69, - 0x9e, 0x36, 0xf6, 0xb6, 0x35, 0xaa, 0x37, 0xb9, 0x3e, 0x8b, 0x8d, 0x85, 0xc2, 0x18, 0xe2, 0x53, - 0x73, 0x25, 0x6e, 0xa2, 0xfe, 0x18, 0xc1, 0x14, 0xef, 0x7b, 0xe1, 0x53, 0xa3, 0x30, 0xab, 0x6d, - 0xb1, 0xbd, 0x34, 0xfd, 0x19, 0x0e, 0x75, 0xa1, 0x5d, 0x14, 0x88, 0x57, 0xd0, 0x12, 0xee, 0xc3, - 0x74, 0xdc, 0x83, 0x1a, 0xed, 0x1e, 0x99, 0x1e, 0x55, 0x63, 0xa1, 0xa0, 0x30, 0x88, 0x1d, 0x55, - 0xe4, 0x80, 0xa5, 0x71, 0x39, 0x60, 0x92, 0x85, 0x69, 0x7c, 0xb2, 0x28, 0x88, 0xff, 0x0f, 0x0c, - 0x73, 0x9e, 0xa3, 0x3b, 0xad, 0x2f, 0x8c, 0xcb, 0x03, 0xcc, 0x3a, 0x3f, 0x44, 0x70, 0x70, 0xb0, - 0x84, 0xc6, 0x47, 0x07, 0x62, 0xa6, 0x7a, 0x6f, 0x68, 0x64, 0xad, 0x38, 0xaa, 0xfc, 0xd6, 0xbf, - 0xcc, 0x51, 0xac, 0xe0, 0x2b, 0x63, 0x4f, 0xc6, 0x3d, 0x19, 0x75, 0x18, 0xa3, 0xe5, 0xf4, 0x0d, - 0xe6, 0xe7, 0x08, 0x66, 0x25, 0xdf, 0x07, 0x01, 0xa5, 0xc5, 0xb0, 0xf6, 0xee, 0x20, 0x30, 0x59, - 0xfa, 0x6b, 0x1c, 0xfe, 0x17, 0xf1, 0xe5, 0x92, 0xf0, 0x25, 0xec, 0xe5, 0x88, 0x21, 0xfd, 0x35, - 0x82, 0x43, 0x8f, 0x62, 0xbf, 0xff, 0x8c, 0xf0, 0xaf, 0x72, 0xfc, 0xaf, 0xe3, 0x57, 0x0b, 0xea, - 0xbc, 0x71, 0x6a, 0x5c, 0x44, 0xf8, 0xa7, 0x08, 0xaa, 0xf2, 0x45, 0x01, 0x9f, 0x1d, 0x79, 0x30, - 0xb2, 0x6f, 0x0e, 0x7b, 0xe9, 0xcc, 0xa2, 0xa8, 0xd1, 0x4f, 0x15, 0xa6, 0x53, 0x21, 0x9f, 0x39, - 0xf4, 0x07, 0x08, 0x70, 0x72, 0xff, 0x4d, 0x6e, 0xc4, 0xf8, 0x4c, 0x46, 0xd4, 0xc8, 0x86, 0x49, - 0xe3, 0xec, 0xd8, 0x79, 0xd9, 0x54, 0xba, 0x54, 0x98, 0x4a, 0xbd, 0x44, 0xfe, 0xbb, 0x08, 0xea, - 0xb7, 0x68, 0x72, 0x07, 0x29, 0xb0, 0x65, 0xf6, 0xa9, 0xa4, 0xb1, 0x38, 0x7e, 0xa2, 0x40, 0x74, - 0x81, 0x23, 0x3a, 0x83, 0x8b, 0x4d, 0x25, 0x01, 0x7c, 0x84, 0x60, 0xdf, 0x7d, 0xd5, 0x45, 0xf1, - 0x85, 0x71, 0x92, 0x32, 0x91, 0xbc, 0x3c, 0xae, 0xcf, 0x73, 0x5c, 0xcb, 0x7a, 0x29, 0x5c, 0x2b, - 0xe2, 0x3d, 0xe2, 0x47, 0x28, 0xbe, 0xaa, 0x0e, 0x74, 0x93, 0xff, 0x5b, 0xbb, 0x15, 0x34, 0xa5, - 0xf5, 0xcb, 0x1c, 0x5f, 0x13, 0x5f, 0x28, 0x83, 0xaf, 0x25, 0x5a, 0xcc, 0xf8, 0x43, 0x04, 0x87, - 0x78, 0x3f, 0x5f, 0x65, 0x3c, 0x90, 0x62, 0x46, 0x75, 0xff, 0x4b, 0xa4, 0x18, 0x11, 0x7f, 0xf4, - 0x1d, 0x81, 0x5a, 0x91, 0xbd, 0xfa, 0x1f, 0x20, 0xd8, 0x2f, 0x93, 0x9a, 0xd8, 0xdd, 0xe5, 0x71, - 0x86, 0xdb, 0x69, 0x12, 0x14, 0xee, 0xb6, 0x54, 0xce, 0xdd, 0x3e, 0x45, 0x30, 0x23, 0x7a, 0xe9, - 0x05, 0xa5, 0x82, 0xd2, 0x6c, 0x6f, 0x0c, 0x74, 0x32, 0x44, 0x93, 0x56, 0xff, 0x26, 0x17, 0xfb, - 0x10, 0xb7, 0x8a, 0xc4, 0xfa, 0x9e, 0x15, 0xb6, 0x9e, 0x8a, 0x0e, 0xe9, 0xb3, 0x96, 0xe3, 0x75, - 0xc2, 0x37, 0x75, 0x5c, 0x98, 0x10, 0xd9, 0x9c, 0x8b, 0x08, 0x47, 0x50, 0x63, 0xce, 0xc1, 0xdb, - 0x23, 0x78, 0x61, 0xa0, 0x99, 0x32, 0xd4, 0x39, 0x69, 0x34, 0x86, 0xda, 0x2d, 0x69, 0x06, 0x14, - 0xd7, 0x58, 0x7c, 0xa2, 0x50, 0x2c, 0x17, 0xf4, 0x0e, 0x82, 0x43, 0xaa, 0xb7, 0xc7, 0xe2, 0x4b, - 0xfb, 0x7a, 0x11, 0x0a, 0x51, 0x54, 0xe3, 0xa5, 0x52, 0x8e, 0xc4, 0xe1, 0x5c, 0xbb, 0xf9, 0x9b, - 0xe7, 0xc7, 0xd1, 0x1f, 0x9e, 0x1f, 0x47, 0x7f, 0x7f, 0x7e, 0x1c, 0xbd, 0x79, 0xa5, 0xdc, 0x5f, - 0x2c, 0x4d, 0xc7, 0xa6, 0x6e, 0xa4, 0xb2, 0xff, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x47, 0x97, - 0xe3, 0x09, 0x48, 0x2a, 0x00, 0x00, + // 2673 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x5a, 0xcd, 0x8f, 0x1c, 0x47, + 0x15, 0xa7, 0x66, 0xbf, 0x66, 0xde, 0xec, 0xfa, 0xa3, 0x12, 0x2f, 0x9d, 0xf6, 0xc6, 0x6c, 0xda, + 0x76, 0xbc, 0x59, 0x7b, 0x67, 0xec, 0xc1, 0x20, 0x67, 0x93, 0x08, 0xec, 0xf5, 0x27, 0xac, 0x1d, + 0xd3, 0x6b, 0x63, 0x14, 0x0e, 0x50, 0xe9, 0xae, 0x9d, 0x6d, 0xb6, 0xa7, 0xbb, 0xdd, 0xdd, 0x33, + 0xd6, 0xca, 0xf8, 0x12, 0x64, 0x09, 0xa1, 0x08, 0x04, 0xe4, 0x80, 0x10, 0x02, 0x14, 0x14, 0x09, + 0x21, 0x10, 0x17, 0x14, 0x21, 0x21, 0x24, 0xb8, 0x20, 0x38, 0x20, 0x21, 0x38, 0x72, 0x41, 0x16, + 0xe2, 0x08, 0x97, 0xfc, 0x01, 0xa8, 0xaa, 0xab, 0xba, 0xab, 0xe7, 0xa3, 0x67, 0x96, 0x19, 0x14, + 0xdf, 0xfa, 0xd5, 0x54, 0xbd, 0xf7, 0xab, 0x57, 0xbf, 0x7a, 0xaf, 0xea, 0xd5, 0xc0, 0x89, 0x88, + 0x86, 0x1d, 0x1a, 0xd6, 0x49, 0x10, 0xb8, 0x8e, 0x45, 0x62, 0xc7, 0xf7, 0xd4, 0xef, 0x5a, 0x10, + 0xfa, 0xb1, 0x8f, 0xab, 0x4a, 0x93, 0xbe, 0xd4, 0xf4, 0xfd, 0xa6, 0x4b, 0xeb, 0x24, 0x70, 0xea, + 0xc4, 0xf3, 0xfc, 0x98, 0x37, 0x47, 0x49, 0x57, 0xdd, 0xd8, 0xbd, 0x10, 0xd5, 0x1c, 0x9f, 0xff, + 0x6a, 0xf9, 0x21, 0xad, 0x77, 0xce, 0xd5, 0x9b, 0xd4, 0xa3, 0x21, 0x89, 0xa9, 0x2d, 0xfa, 0x9c, + 0xcf, 0xfa, 0xb4, 0x88, 0xb5, 0xe3, 0x78, 0x34, 0xdc, 0xab, 0x07, 0xbb, 0x4d, 0xd6, 0x10, 0xd5, + 0x5b, 0x34, 0x26, 0xfd, 0x46, 0x6d, 0x36, 0x9d, 0x78, 0xa7, 0xfd, 0x66, 0xcd, 0xf2, 0x5b, 0x75, + 0x12, 0x36, 0xfd, 0x20, 0xf4, 0xbf, 0xc2, 0x3f, 0xd6, 0x2c, 0xbb, 0xde, 0x69, 0x64, 0x0a, 0xd4, + 0xb9, 0x74, 0xce, 0x11, 0x37, 0xd8, 0x21, 0xbd, 0xda, 0xae, 0x0c, 0xd1, 0x16, 0xd2, 0xc0, 0x17, + 0xbe, 0xe1, 0x9f, 0x4e, 0xec, 0x87, 0x7b, 0xca, 0x67, 0xa2, 0xc6, 0xf8, 0x00, 0xc1, 0xa1, 0x8b, + 0x99, 0xbd, 0xcf, 0xb5, 0x69, 0xb8, 0x87, 0x31, 0x4c, 0x7b, 0xa4, 0x45, 0x35, 0xb4, 0x8c, 0x56, + 0x2a, 0x26, 0xff, 0xc6, 0x1a, 0xcc, 0x85, 0x74, 0x3b, 0xa4, 0xd1, 0x8e, 0x56, 0xe2, 0xcd, 0x52, + 0xc4, 0x3a, 0x94, 0x99, 0x71, 0x6a, 0xc5, 0x91, 0x36, 0xb5, 0x3c, 0xb5, 0x52, 0x31, 0x53, 0x19, + 0xaf, 0xc0, 0xc1, 0x90, 0x46, 0x7e, 0x3b, 0xb4, 0xe8, 0xe7, 0x69, 0x18, 0x39, 0xbe, 0xa7, 0x4d, + 0xf3, 0xd1, 0xdd, 0xcd, 0x4c, 0x4b, 0x44, 0x5d, 0x6a, 0xc5, 0x7e, 0xa8, 0xcd, 0xf0, 0x2e, 0xa9, + 0xcc, 0xf0, 0x30, 0xe0, 0xda, 0x6c, 0x82, 0x87, 0x7d, 0x63, 0x03, 0xe6, 0x49, 0x10, 0xdc, 0x22, + 0x2d, 0x1a, 0x05, 0xc4, 0xa2, 0xda, 0x1c, 0xff, 0x2d, 0xd7, 0xc6, 0x30, 0x0b, 0x24, 0x5a, 0x99, + 0x03, 0x93, 0xa2, 0xb1, 0x01, 0x95, 0x5b, 0xbe, 0x4d, 0x07, 0x4f, 0xb7, 0x5b, 0x7d, 0xa9, 0x57, + 0xbd, 0xf1, 0x18, 0xc1, 0x11, 0x93, 0x76, 0x1c, 0x86, 0xff, 0x26, 0x8d, 0x89, 0x4d, 0x62, 0xd2, + 0xad, 0xb1, 0x94, 0x6a, 0xd4, 0xa1, 0x1c, 0x8a, 0xce, 0x5a, 0x89, 0xb7, 0xa7, 0x72, 0x8f, 0xb5, + 0xa9, 0xe2, 0xc9, 0x24, 0x2e, 0x4c, 0x27, 0xf3, 0x2f, 0x04, 0xc7, 0x94, 0x35, 0x34, 0x85, 0x67, + 0xaf, 0x74, 0xa8, 0x17, 0x47, 0x83, 0x01, 0x9d, 0x81, 0xc3, 0x72, 0x11, 0xba, 0xe7, 0xd9, 0xfb, + 0x03, 0x83, 0xa8, 0x36, 0x4a, 0x88, 0x6a, 0x1b, 0x5e, 0x86, 0xaa, 0x94, 0xef, 0xde, 0xb8, 0x2c, + 0x60, 0xaa, 0x4d, 0x3d, 0x13, 0x9d, 0x29, 0x9e, 0xe8, 0x6c, 0x7e, 0xa2, 0x5f, 0x47, 0xa0, 0x29, + 0x13, 0xbd, 0x49, 0x3c, 0x67, 0x9b, 0x46, 0xf1, 0xa8, 0x3e, 0x47, 0x13, 0xf4, 0xf9, 0x0b, 0x50, + 0xb9, 0xea, 0xb8, 0x74, 0x63, 0xa7, 0xed, 0xed, 0xe2, 0x67, 0x61, 0xc6, 0x62, 0x1f, 0xdc, 0xf6, + 0xbc, 0x99, 0x08, 0xc6, 0xb7, 0x11, 0xbc, 0x30, 0x08, 0xed, 0x3d, 0x27, 0xde, 0x61, 0xe3, 0xa3, + 0x41, 0xb0, 0xad, 0x1d, 0x6a, 0xed, 0x46, 0xed, 0x96, 0xa4, 0x8a, 0x94, 0xc7, 0x84, 0xfd, 0x33, + 0x04, 0x2b, 0x43, 0x31, 0xdd, 0x0b, 0x49, 0x10, 0xd0, 0x10, 0x5f, 0x85, 0x99, 0xfb, 0xec, 0x07, + 0xbe, 0x31, 0xaa, 0x8d, 0x5a, 0x4d, 0x0d, 0xac, 0x43, 0xb5, 0x5c, 0xff, 0x88, 0x99, 0x0c, 0xc7, + 0x35, 0xe9, 0x9e, 0x12, 0xd7, 0xb3, 0x98, 0xd3, 0x93, 0x7a, 0x91, 0xf5, 0xe7, 0xdd, 0x2e, 0xcd, + 0xc2, 0x74, 0x40, 0xc2, 0xd8, 0x38, 0x02, 0xcf, 0xe4, 0x69, 0x1d, 0xf8, 0x5e, 0x44, 0x8d, 0xdf, + 0xe4, 0x59, 0xb0, 0x11, 0x52, 0x12, 0x53, 0x93, 0xde, 0x6f, 0xd3, 0x28, 0xc6, 0xbb, 0xa0, 0xc6, + 0x7a, 0xee, 0xd5, 0x6a, 0xe3, 0x46, 0x2d, 0x0b, 0x96, 0x35, 0x19, 0x2c, 0xf9, 0xc7, 0x97, 0x2c, + 0xbb, 0xd6, 0x69, 0xd4, 0x82, 0xdd, 0x66, 0x8d, 0x85, 0xde, 0x1c, 0x32, 0x19, 0x7a, 0xd5, 0xa9, + 0x9a, 0xaa, 0x76, 0xbc, 0x08, 0xb3, 0xed, 0x20, 0xa2, 0x61, 0xcc, 0x67, 0x56, 0x36, 0x85, 0xc4, + 0xd6, 0xaf, 0x43, 0x5c, 0xc7, 0x26, 0x71, 0xb2, 0x3e, 0x65, 0x33, 0x95, 0x8d, 0xdf, 0xe6, 0xd1, + 0xdf, 0x0d, 0xec, 0x0f, 0x0b, 0xbd, 0x8a, 0xb2, 0x94, 0x47, 0xa9, 0x32, 0x68, 0x2a, 0xcf, 0xa0, + 0x5f, 0xe5, 0xf1, 0x5f, 0xa6, 0x2e, 0xcd, 0xf0, 0xf7, 0x23, 0xb3, 0x06, 0x73, 0x16, 0x89, 0x2c, + 0x62, 0x4b, 0x2b, 0x52, 0x64, 0x01, 0x28, 0x08, 0xfd, 0x80, 0x34, 0xb9, 0xa6, 0xdb, 0xbe, 0xeb, + 0x58, 0x7b, 0xc2, 0x5c, 0xef, 0x0f, 0x3d, 0xc4, 0x9f, 0x2e, 0x26, 0xfe, 0x4c, 0x1e, 0xf6, 0x71, + 0xa8, 0x6e, 0xed, 0x79, 0xd6, 0xeb, 0x01, 0xcf, 0xf5, 0x6c, 0xc7, 0x3a, 0x31, 0x6d, 0x45, 0x1a, + 0xe2, 0x79, 0x21, 0x11, 0x8c, 0xf7, 0x67, 0x60, 0x51, 0x99, 0x1b, 0x1b, 0x50, 0x34, 0xb3, 0xa2, + 0xe8, 0xb2, 0x08, 0xb3, 0x76, 0xb8, 0x67, 0xb6, 0x3d, 0x41, 0x00, 0x21, 0x31, 0xc3, 0x41, 0xd8, + 0xf6, 0x12, 0xf8, 0x65, 0x33, 0x11, 0xf0, 0x36, 0x94, 0xa3, 0x98, 0x65, 0xf7, 0xe6, 0x1e, 0x07, + 0x5e, 0x6d, 0x7c, 0x66, 0xbc, 0x45, 0x67, 0xd0, 0xb7, 0x84, 0x46, 0x33, 0xd5, 0x8d, 0xef, 0x43, + 0x45, 0x46, 0xe3, 0x48, 0x9b, 0x5b, 0x9e, 0x5a, 0xa9, 0x36, 0xb6, 0xc6, 0x37, 0xf4, 0x7a, 0xc0, + 0x4e, 0x26, 0x4a, 0xe6, 0x31, 0x33, 0x2b, 0x78, 0x09, 0x2a, 0x2d, 0x11, 0x1f, 0x22, 0x91, 0x85, + 0xb3, 0x06, 0xfc, 0x05, 0x98, 0x71, 0xbc, 0x6d, 0x3f, 0xd2, 0x2a, 0x1c, 0xcc, 0xa5, 0xf1, 0xc0, + 0xdc, 0xf0, 0xb6, 0x7d, 0x33, 0x51, 0x88, 0xef, 0xc3, 0x42, 0x48, 0xe3, 0x70, 0x4f, 0x7a, 0x41, + 0x03, 0xee, 0xd7, 0xcf, 0x8e, 0x67, 0xc1, 0x54, 0x55, 0x9a, 0x79, 0x0b, 0x78, 0x1d, 0xaa, 0x51, + 0xc6, 0x31, 0xad, 0xca, 0x0d, 0x6a, 0x39, 0x45, 0x0a, 0x07, 0x4d, 0xb5, 0x73, 0x0f, 0xbb, 0xe7, + 0x8b, 0xd9, 0xbd, 0x90, 0x67, 0xf7, 0x7f, 0x10, 0x2c, 0xf5, 0x04, 0x95, 0xad, 0x80, 0x16, 0xd2, + 0x97, 0xc0, 0x74, 0x14, 0x50, 0x8b, 0x67, 0x98, 0x6a, 0xe3, 0xe6, 0xc4, 0xa2, 0x0c, 0xb7, 0xcb, + 0x55, 0x17, 0x05, 0xc2, 0x31, 0xf7, 0xf3, 0x8f, 0x10, 0x7c, 0x54, 0xb1, 0x79, 0x9b, 0xc4, 0xd6, + 0x4e, 0xd1, 0x64, 0xd9, 0xbe, 0x63, 0x7d, 0x44, 0x3e, 0x4d, 0x04, 0x46, 0x4e, 0xfe, 0x71, 0x67, + 0x2f, 0x60, 0x00, 0xd9, 0x2f, 0x59, 0xc3, 0x98, 0x87, 0x95, 0x9f, 0x23, 0xd0, 0xd5, 0xd8, 0xeb, + 0xbb, 0xee, 0x9b, 0xc4, 0xda, 0x2d, 0x02, 0x79, 0x00, 0x4a, 0x8e, 0xcd, 0x11, 0x4e, 0x99, 0x25, + 0xc7, 0xde, 0x67, 0x10, 0xe9, 0x86, 0x3b, 0x5b, 0x0c, 0x77, 0x2e, 0x0f, 0xf7, 0x83, 0x2e, 0xb8, + 0x72, 0x2b, 0x17, 0xc0, 0x5d, 0x82, 0x8a, 0xd7, 0x75, 0x70, 0xcc, 0x1a, 0xfa, 0x1c, 0x18, 0x4b, + 0x3d, 0x07, 0x46, 0x0d, 0xe6, 0x3a, 0xe9, 0xb5, 0x80, 0xfd, 0x2c, 0x45, 0x36, 0xc5, 0x66, 0xe8, + 0xb7, 0x03, 0xe1, 0xf4, 0x44, 0x60, 0x28, 0x76, 0x1d, 0xcf, 0xd6, 0x66, 0x13, 0x14, 0xec, 0x7b, + 0xff, 0x17, 0x81, 0xdc, 0xb4, 0x7f, 0x51, 0x82, 0x8f, 0xf5, 0x99, 0xf6, 0x50, 0x3e, 0x3d, 0x1d, + 0x73, 0x4f, 0x59, 0x3d, 0x37, 0x90, 0xd5, 0xe5, 0x61, 0xac, 0xae, 0x14, 0xfb, 0x0b, 0xf2, 0xfe, + 0xfa, 0x69, 0x09, 0x96, 0xfb, 0xf8, 0x6b, 0xf8, 0x31, 0xe0, 0xa9, 0x71, 0xd8, 0xb6, 0x1f, 0x0a, + 0x96, 0x94, 0xcd, 0x44, 0x60, 0xfb, 0xcc, 0x0f, 0x83, 0x1d, 0xe2, 0x71, 0x76, 0x94, 0x4d, 0x21, + 0x8d, 0xe9, 0xaa, 0x6f, 0x94, 0x40, 0x93, 0xfe, 0xb9, 0x68, 0x71, 0x6f, 0xb5, 0xbd, 0xa7, 0xdf, + 0x45, 0x8b, 0x30, 0x4b, 0x38, 0x5a, 0x41, 0x2a, 0x21, 0xf5, 0x38, 0xa3, 0x5c, 0xec, 0x8c, 0x4a, + 0xde, 0x19, 0x8f, 0x11, 0x1c, 0xcd, 0x3b, 0x23, 0xda, 0x74, 0xa2, 0x58, 0x1e, 0xea, 0xf1, 0x36, + 0xcc, 0x25, 0x76, 0x92, 0x23, 0x59, 0xb5, 0xb1, 0x39, 0x6e, 0xa2, 0xce, 0x39, 0x5e, 0x2a, 0x37, + 0x5e, 0x86, 0xa3, 0x7d, 0xa3, 0x9c, 0x80, 0xa1, 0x43, 0x59, 0x1e, 0x4e, 0xc4, 0xd2, 0xa4, 0xb2, + 0xf1, 0x78, 0x3a, 0x9f, 0x72, 0x7c, 0x7b, 0xd3, 0x6f, 0x16, 0xdc, 0xaf, 0x8b, 0x97, 0x93, 0xb9, + 0xca, 0xb7, 0x95, 0xab, 0xb4, 0x14, 0xd9, 0x38, 0xcb, 0xf7, 0x62, 0xe2, 0x78, 0x34, 0x14, 0x59, + 0x31, 0x6b, 0x60, 0xcb, 0x10, 0x39, 0x9e, 0x45, 0xb7, 0xa8, 0xe5, 0x7b, 0x76, 0xc4, 0xd7, 0x73, + 0xca, 0xcc, 0xb5, 0xe1, 0xeb, 0x50, 0xe1, 0xf2, 0x1d, 0xa7, 0x95, 0xa4, 0x81, 0x6a, 0x63, 0xb5, + 0x96, 0xd4, 0xac, 0x6a, 0x6a, 0xcd, 0x2a, 0xf3, 0x61, 0x8b, 0xc6, 0xa4, 0xd6, 0x39, 0x57, 0x63, + 0x23, 0xcc, 0x6c, 0x30, 0xc3, 0x12, 0x13, 0xc7, 0xdd, 0x74, 0x3c, 0x7e, 0x60, 0x64, 0xa6, 0xb2, + 0x06, 0x46, 0x95, 0x6d, 0xdf, 0x75, 0xfd, 0x07, 0x72, 0xdf, 0x24, 0x12, 0x1b, 0xd5, 0xf6, 0x62, + 0xc7, 0xe5, 0xf6, 0x13, 0x22, 0x64, 0x0d, 0x7c, 0x94, 0xe3, 0xc6, 0x34, 0x14, 0x1b, 0x46, 0x48, + 0x29, 0x19, 0xab, 0x49, 0x19, 0x46, 0xee, 0xd7, 0x84, 0xb6, 0xf3, 0x2a, 0x6d, 0xbb, 0xb7, 0xc2, + 0x42, 0x9f, 0x5a, 0x04, 0xaf, 0x4a, 0xd1, 0x8e, 0xe3, 0xb7, 0x23, 0xed, 0x40, 0x72, 0xf4, 0x90, + 0x72, 0x0f, 0x95, 0x0f, 0x16, 0x53, 0xf9, 0x50, 0x9e, 0xca, 0xbf, 0x43, 0x50, 0xde, 0xf4, 0x9b, + 0x57, 0xbc, 0x38, 0xdc, 0xe3, 0xb7, 0x1b, 0xdf, 0x8b, 0xa9, 0x27, 0xf9, 0x22, 0x45, 0xb6, 0x08, + 0xb1, 0xd3, 0xa2, 0x5b, 0x31, 0x69, 0x05, 0xe2, 0x8c, 0xb5, 0xaf, 0x45, 0x48, 0x07, 0x33, 0xc7, + 0xb8, 0x24, 0x8a, 0xf9, 0x8e, 0x2f, 0x9b, 0xfc, 0x9b, 0x4d, 0x21, 0xed, 0xb0, 0x15, 0x87, 0x62, + 0xbb, 0xe7, 0xda, 0x54, 0x8a, 0xcd, 0x24, 0xd8, 0x84, 0x68, 0xb4, 0xe0, 0xb9, 0xf4, 0xd0, 0x7e, + 0x87, 0x86, 0x2d, 0xc7, 0x23, 0xc5, 0xd1, 0x7b, 0x84, 0x72, 0x58, 0xc1, 0x9d, 0xd1, 0xcf, 0x6d, + 0x3a, 0x76, 0x06, 0xbe, 0xe7, 0x78, 0xb6, 0xff, 0xa0, 0x60, 0xf3, 0x8c, 0x67, 0xf0, 0xaf, 0xf9, + 0x8a, 0x98, 0x62, 0x31, 0xdd, 0xe9, 0xd7, 0x61, 0x81, 0xc5, 0x84, 0x0e, 0x15, 0x3f, 0x88, 0xb0, + 0x63, 0x0c, 0x2a, 0x72, 0x64, 0x3a, 0xcc, 0xfc, 0x40, 0xbc, 0x09, 0x07, 0x49, 0x14, 0x39, 0x4d, + 0x8f, 0xda, 0x52, 0x57, 0x69, 0x64, 0x5d, 0xdd, 0x43, 0x93, 0xeb, 0x32, 0xef, 0x21, 0xd6, 0x5b, + 0x8a, 0xc6, 0xd7, 0x10, 0x1c, 0xe9, 0xab, 0x24, 0xdd, 0x39, 0x48, 0x09, 0xe3, 0x3a, 0x94, 0x23, + 0x6b, 0x87, 0xda, 0x6d, 0x97, 0xca, 0x1a, 0x92, 0x94, 0xd9, 0x6f, 0x76, 0x3b, 0x59, 0x7d, 0x91, + 0x46, 0x52, 0x19, 0x1f, 0x03, 0x68, 0x11, 0xaf, 0x4d, 0x5c, 0x0e, 0x61, 0x9a, 0x43, 0x50, 0x5a, + 0x8c, 0x25, 0xd0, 0xfb, 0x51, 0x47, 0xd4, 0x66, 0xfe, 0x8d, 0xe0, 0x80, 0x0c, 0xaa, 0x62, 0x75, + 0x57, 0xe0, 0xa0, 0xe2, 0x86, 0x5b, 0xd9, 0x42, 0x77, 0x37, 0x0f, 0x09, 0x98, 0x92, 0x25, 0x53, + 0xf9, 0xa2, 0x74, 0x27, 0x57, 0x56, 0x1e, 0x39, 0xdf, 0xa1, 0x09, 0x9d, 0x1f, 0xbf, 0x0a, 0xda, + 0x4d, 0xe2, 0x91, 0x26, 0xb5, 0xd3, 0x69, 0xa7, 0x14, 0xfb, 0xb2, 0x5a, 0x64, 0x18, 0xfb, 0x4a, + 0x9f, 0x1e, 0xb5, 0x9c, 0xed, 0x6d, 0x59, 0xb0, 0x08, 0xa1, 0xbc, 0xe9, 0x78, 0xbb, 0xec, 0xde, + 0xcb, 0x66, 0x1c, 0x3b, 0xb1, 0x2b, 0xbd, 0x9b, 0x08, 0xf8, 0x10, 0x4c, 0xb5, 0x43, 0x57, 0x30, + 0x80, 0x7d, 0xe2, 0x65, 0xa8, 0xda, 0x34, 0xb2, 0x42, 0x27, 0x10, 0xeb, 0xcf, 0x8b, 0xb4, 0x4a, + 0x13, 0x5b, 0x07, 0xc7, 0xf2, 0xbd, 0x0d, 0x97, 0x44, 0x91, 0x4c, 0x40, 0x69, 0x83, 0xf1, 0x2a, + 0x2c, 0x30, 0x9b, 0xd9, 0x34, 0x4f, 0xe7, 0xa7, 0x79, 0x24, 0x07, 0x5f, 0xc2, 0x93, 0x88, 0x09, + 0x3c, 0xc3, 0xf2, 0xfe, 0xc5, 0x20, 0x10, 0x4a, 0x46, 0x3c, 0x0e, 0x4d, 0xf5, 0xcb, 0x9f, 0x7d, + 0x6b, 0x9c, 0x8d, 0xbf, 0x1f, 0x07, 0xac, 0xee, 0x13, 0x1a, 0x76, 0x1c, 0x8b, 0xe2, 0xef, 0x20, + 0x98, 0x66, 0xa6, 0xf1, 0xf3, 0x83, 0xb6, 0x25, 0xe7, 0xab, 0x3e, 0xb9, 0x8b, 0x30, 0xb3, 0x66, + 0x2c, 0xbd, 0xf5, 0xb7, 0x7f, 0x7e, 0xb7, 0xb4, 0x88, 0x9f, 0xe5, 0x2f, 0x4a, 0x9d, 0x73, 0xea, + 0xeb, 0x4e, 0x84, 0xdf, 0x46, 0x80, 0xc5, 0x39, 0x48, 0xa9, 0xd9, 0xe3, 0xd3, 0x83, 0x20, 0xf6, + 0xa9, 0xed, 0xeb, 0xcf, 0x2b, 0x59, 0xa5, 0x66, 0xf9, 0x21, 0x65, 0x39, 0x84, 0x77, 0xe0, 0x00, + 0x56, 0x39, 0x80, 0x13, 0xd8, 0xe8, 0x07, 0xa0, 0xfe, 0x90, 0x79, 0xf4, 0x51, 0x9d, 0x26, 0x76, + 0xdf, 0x45, 0x30, 0x73, 0x8f, 0xdf, 0x21, 0x86, 0x38, 0x69, 0x6b, 0x62, 0x4e, 0xe2, 0xe6, 0x38, + 0x5a, 0xe3, 0x38, 0x47, 0xfa, 0x3c, 0x3e, 0x2a, 0x91, 0x46, 0x71, 0x48, 0x49, 0x2b, 0x07, 0xf8, + 0x2c, 0xc2, 0xef, 0x21, 0x98, 0x4d, 0x8a, 0xbe, 0xf8, 0xe4, 0x20, 0x94, 0xb9, 0xa2, 0xb0, 0x3e, + 0xb9, 0x0a, 0xaa, 0xf1, 0x12, 0xc7, 0x78, 0xdc, 0xe8, 0xbb, 0x9c, 0xeb, 0xb9, 0xfa, 0xea, 0x3b, + 0x08, 0xa6, 0xae, 0xd1, 0xa1, 0x7c, 0x9b, 0x20, 0xb8, 0x1e, 0x07, 0xf6, 0x59, 0x6a, 0xfc, 0x13, + 0x04, 0xcf, 0x5d, 0xa3, 0x71, 0xff, 0xf4, 0x88, 0x57, 0x86, 0xe7, 0x2c, 0x41, 0xbb, 0xd3, 0x23, + 0xf4, 0x4c, 0xf3, 0x42, 0x9d, 0x23, 0x7b, 0x09, 0x9f, 0x2a, 0x22, 0x61, 0xb4, 0xe7, 0x59, 0x0f, + 0x04, 0x8e, 0x3f, 0x21, 0x38, 0xd4, 0xfd, 0xb6, 0x86, 0xf3, 0x09, 0xb5, 0xef, 0xd3, 0x9b, 0x7e, + 0x6b, 0xdc, 0x28, 0x9b, 0x57, 0x6a, 0x5c, 0xe4, 0xc8, 0x5f, 0xc1, 0x2f, 0x17, 0x21, 0x97, 0x65, + 0xdf, 0xa8, 0xfe, 0x50, 0x7e, 0x3e, 0xe2, 0xef, 0xc0, 0x1c, 0xf6, 0x9f, 0x11, 0x3c, 0x2b, 0xf5, + 0x6e, 0xec, 0x90, 0x30, 0xbe, 0x4c, 0xd9, 0x19, 0x3a, 0x1a, 0x69, 0x3e, 0x63, 0x66, 0x0d, 0xd5, + 0x9e, 0x71, 0x85, 0xcf, 0xe5, 0x53, 0xf8, 0xb5, 0x7d, 0xcf, 0xc5, 0x62, 0x6a, 0x6c, 0x01, 0xfb, + 0x2d, 0x04, 0xf3, 0xd7, 0x68, 0x7c, 0x33, 0xad, 0xe2, 0x9e, 0x1c, 0xe9, 0x65, 0x48, 0x5f, 0xaa, + 0x29, 0xcf, 0xcf, 0xf2, 0xa7, 0x94, 0x22, 0x6b, 0x1c, 0xdc, 0x29, 0x7c, 0xb2, 0x08, 0x5c, 0x56, + 0x39, 0x7e, 0x17, 0xc1, 0x11, 0x15, 0x44, 0xf6, 0xa2, 0xf6, 0x89, 0xfd, 0xbd, 0x53, 0x89, 0xd7, + 0xae, 0x21, 0xe8, 0x1a, 0x1c, 0xdd, 0x19, 0xa3, 0x3f, 0x81, 0x5b, 0x3d, 0x28, 0xd6, 0xd1, 0xea, + 0x0a, 0xc2, 0xbf, 0x47, 0x30, 0x9b, 0x14, 0x63, 0x07, 0xfb, 0x28, 0xf7, 0x02, 0x34, 0xc9, 0x68, + 0x20, 0x56, 0x5b, 0x3f, 0xdb, 0xdf, 0xa1, 0xea, 0x78, 0x49, 0xd5, 0x1a, 0xf7, 0x72, 0x3e, 0x8c, + 0xbd, 0x8f, 0x00, 0xb2, 0x82, 0x32, 0x7e, 0xa9, 0x78, 0x1e, 0x4a, 0xd1, 0x59, 0x9f, 0x6c, 0x49, + 0xd9, 0xa8, 0xf1, 0xf9, 0xac, 0xe8, 0xcb, 0x85, 0x31, 0x24, 0xa0, 0xd6, 0x7a, 0x52, 0x7c, 0xfe, + 0x31, 0x82, 0x19, 0x5e, 0xc7, 0xc3, 0x27, 0x06, 0x61, 0x56, 0xcb, 0x7c, 0x93, 0x74, 0xfd, 0x8b, + 0x1c, 0xea, 0x72, 0xa3, 0x28, 0x10, 0xaf, 0xa3, 0x55, 0xdc, 0x81, 0xd9, 0xa4, 0x72, 0x36, 0x98, + 0x1e, 0xb9, 0xca, 0x9a, 0xbe, 0x5c, 0x70, 0x30, 0x48, 0x88, 0x2a, 0x72, 0xc0, 0xea, 0xb0, 0x1c, + 0x30, 0xcd, 0xc2, 0x34, 0x3e, 0x5e, 0x14, 0xc4, 0xff, 0x0f, 0x8e, 0x39, 0xcd, 0xd1, 0x9d, 0x34, + 0x96, 0x87, 0xe5, 0x01, 0xe6, 0x9d, 0xef, 0x21, 0x38, 0xd4, 0x7d, 0xb8, 0xc6, 0x47, 0xbb, 0x62, + 0xa6, 0x7a, 0xd7, 0xd0, 0xf3, 0x5e, 0x1c, 0x74, 0x30, 0x37, 0x3e, 0xcd, 0x51, 0xac, 0xe3, 0x0b, + 0x43, 0x77, 0xc6, 0x2d, 0x19, 0x75, 0x98, 0xa2, 0xb5, 0xec, 0x55, 0xeb, 0xd7, 0x08, 0xe6, 0xa5, + 0xde, 0x3b, 0x21, 0xa5, 0xc5, 0xb0, 0x26, 0xb7, 0x11, 0x98, 0x2d, 0xe3, 0x55, 0x0e, 0xff, 0x93, + 0xf8, 0xfc, 0x88, 0xf0, 0x25, 0xec, 0xb5, 0x98, 0x21, 0xfd, 0x03, 0x82, 0xc3, 0xf7, 0x12, 0xde, + 0x7f, 0x48, 0xf8, 0x37, 0x38, 0xfe, 0xd7, 0xf0, 0x2b, 0x05, 0xe7, 0xbc, 0x61, 0xd3, 0x38, 0x8b, + 0xf0, 0x2f, 0x11, 0x94, 0xe5, 0xab, 0x0a, 0x3e, 0x35, 0x70, 0x63, 0xe4, 0xdf, 0x5d, 0x26, 0x49, + 0x66, 0x71, 0xa8, 0x31, 0x4e, 0x14, 0xa6, 0x53, 0x61, 0x9f, 0x11, 0xfa, 0x1d, 0x04, 0x38, 0xbd, + 0x33, 0xa7, 0xb7, 0x68, 0xfc, 0x62, 0xce, 0xd4, 0xc0, 0xc2, 0x8c, 0x7e, 0x6a, 0x68, 0xbf, 0x7c, + 0x2a, 0x5d, 0x2d, 0x4c, 0xa5, 0x7e, 0x6a, 0xff, 0x9b, 0x08, 0xaa, 0xd7, 0x68, 0x7a, 0x07, 0x29, + 0xf0, 0x65, 0xfe, 0x51, 0x48, 0x5f, 0x19, 0xde, 0x51, 0x20, 0x3a, 0xc3, 0x11, 0xbd, 0x88, 0x8b, + 0x5d, 0x25, 0x01, 0xfc, 0x00, 0xc1, 0xc2, 0x6d, 0x95, 0xa2, 0xf8, 0xcc, 0x30, 0x4b, 0xb9, 0x48, + 0x3e, 0x3a, 0xae, 0x8f, 0x73, 0x5c, 0x6b, 0xc6, 0x48, 0xb8, 0xd6, 0xc5, 0xfb, 0xca, 0x0f, 0x51, + 0x72, 0x89, 0xed, 0xaa, 0x67, 0xff, 0xaf, 0x7e, 0x2b, 0x28, 0x8b, 0x1b, 0xe7, 0x39, 0xbe, 0x1a, + 0x3e, 0x33, 0x0a, 0xbe, 0xba, 0x28, 0x72, 0xe3, 0xef, 0x23, 0x38, 0xcc, 0xdf, 0x1a, 0x54, 0xc5, + 0x5d, 0x29, 0x66, 0xd0, 0xcb, 0xc4, 0x08, 0x29, 0x46, 0xc4, 0x1f, 0x63, 0x5f, 0xa0, 0xd6, 0xe5, + 0x3b, 0xc2, 0xb7, 0x10, 0x1c, 0x90, 0x49, 0x4d, 0xac, 0xee, 0xda, 0x30, 0xc7, 0xed, 0x37, 0x09, + 0x0a, 0xba, 0xad, 0x8e, 0x46, 0xb7, 0xf7, 0x10, 0xcc, 0x89, 0x6a, 0x7e, 0xc1, 0x51, 0x41, 0x29, + 0xf7, 0xeb, 0x5d, 0x35, 0x0e, 0x51, 0x0c, 0x36, 0xbe, 0xc8, 0xcd, 0xde, 0xc5, 0xf5, 0x22, 0xb3, + 0x81, 0x6f, 0x47, 0xf5, 0x87, 0xa2, 0x12, 0xfb, 0xa8, 0xee, 0xfa, 0xcd, 0xe8, 0x0d, 0x03, 0x17, + 0x26, 0x44, 0xd6, 0xe7, 0x2c, 0xc2, 0x31, 0x54, 0x18, 0x39, 0x78, 0xe1, 0x04, 0x2f, 0x77, 0x95, + 0x59, 0x7a, 0x6a, 0x2a, 0xba, 0xde, 0x53, 0x88, 0xc9, 0x32, 0xa0, 0xb8, 0xc6, 0xe2, 0x17, 0x0a, + 0xcd, 0x72, 0x43, 0x6f, 0x23, 0x38, 0xac, 0xb2, 0x3d, 0x31, 0x3f, 0x32, 0xd7, 0x8b, 0x50, 0x88, + 0x43, 0x35, 0x5e, 0x1d, 0x89, 0x48, 0x1c, 0xce, 0xa5, 0xab, 0x7f, 0x7c, 0x72, 0x0c, 0xfd, 0xe5, + 0xc9, 0x31, 0xf4, 0x8f, 0x27, 0xc7, 0xd0, 0x1b, 0x17, 0x46, 0xfb, 0x4f, 0xad, 0xe5, 0x3a, 0xd4, + 0x8b, 0x55, 0xf5, 0xff, 0x0d, 0x00, 0x00, 0xff, 0xff, 0x30, 0xc0, 0x40, 0x7a, 0x39, 0x2c, 0x00, + 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -4180,6 +4339,13 @@ func (m *RevisionMetadataQuery) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Project != nil { + i -= len(*m.Project) + copy(dAtA[i:], *m.Project) + i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project))) + i-- + dAtA[i] = 0x22 + } if m.AppNamespace != nil { i -= len(*m.AppNamespace) copy(dAtA[i:], *m.AppNamespace) @@ -4232,6 +4398,13 @@ func (m *ApplicationResourceEventsQuery) MarshalToSizedBuffer(dAtA []byte) (int, i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Project != nil { + i -= len(*m.Project) + copy(dAtA[i:], *m.Project) + i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project))) + i-- + dAtA[i] = 0x32 + } if m.AppNamespace != nil { i -= len(*m.AppNamespace) copy(dAtA[i:], *m.AppNamespace) @@ -4296,6 +4469,13 @@ func (m *ApplicationManifestQuery) MarshalToSizedBuffer(dAtA []byte) (int, error i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Project != nil { + i -= len(*m.Project) + copy(dAtA[i:], *m.Project) + i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project))) + i-- + dAtA[i] = 0x22 + } if m.AppNamespace != nil { i -= len(*m.AppNamespace) copy(dAtA[i:], *m.AppNamespace) @@ -4382,6 +4562,13 @@ func (m *ApplicationManifestQueryWithFiles) MarshalToSizedBuffer(dAtA []byte) (i i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Project != nil { + i -= len(*m.Project) + copy(dAtA[i:], *m.Project) + i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project))) + i-- + dAtA[i] = 0x22 + } if m.AppNamespace != nil { i -= len(*m.AppNamespace) copy(dAtA[i:], *m.AppNamespace) @@ -4600,6 +4787,13 @@ func (m *ApplicationUpdateRequest) MarshalToSizedBuffer(dAtA []byte) (int, error i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Project != nil { + i -= len(*m.Project) + copy(dAtA[i:], *m.Project) + i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project))) + i-- + dAtA[i] = 0x1a + } if m.Validate != nil { i-- if *m.Validate { @@ -4651,6 +4845,13 @@ func (m *ApplicationDeleteRequest) MarshalToSizedBuffer(dAtA []byte) (int, error i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Project != nil { + i -= len(*m.Project) + copy(dAtA[i:], *m.Project) + i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project))) + i-- + dAtA[i] = 0x2a + } if m.AppNamespace != nil { i -= len(*m.AppNamespace) copy(dAtA[i:], *m.AppNamespace) @@ -4747,6 +4948,13 @@ func (m *ApplicationSyncRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Project != nil { + i -= len(*m.Project) + copy(dAtA[i:], *m.Project) + i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project))) + i-- + dAtA[i] = 0x6a + } if m.AppNamespace != nil { i -= len(*m.AppNamespace) copy(dAtA[i:], *m.AppNamespace) @@ -4890,6 +5098,13 @@ func (m *ApplicationUpdateSpecRequest) MarshalToSizedBuffer(dAtA []byte) (int, e i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Project != nil { + i -= len(*m.Project) + copy(dAtA[i:], *m.Project) + i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project))) + i-- + dAtA[i] = 0x2a + } if m.AppNamespace != nil { i -= len(*m.AppNamespace) copy(dAtA[i:], *m.AppNamespace) @@ -4957,6 +5172,13 @@ func (m *ApplicationPatchRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Project != nil { + i -= len(*m.Project) + copy(dAtA[i:], *m.Project) + i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project))) + i-- + dAtA[i] = 0x32 + } if m.AppNamespace != nil { i -= len(*m.AppNamespace) copy(dAtA[i:], *m.AppNamespace) @@ -5018,6 +5240,13 @@ func (m *ApplicationRollbackRequest) MarshalToSizedBuffer(dAtA []byte) (int, err i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Project != nil { + i -= len(*m.Project) + copy(dAtA[i:], *m.Project) + i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project))) + i-- + dAtA[i] = 0x3a + } if m.AppNamespace != nil { i -= len(*m.AppNamespace) copy(dAtA[i:], *m.AppNamespace) @@ -5088,6 +5317,13 @@ func (m *ApplicationResourceRequest) MarshalToSizedBuffer(dAtA []byte) (int, err i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Project != nil { + i -= len(*m.Project) + copy(dAtA[i:], *m.Project) + i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project))) + i-- + dAtA[i] = 0x42 + } if m.AppNamespace != nil { i -= len(*m.AppNamespace) copy(dAtA[i:], *m.AppNamespace) @@ -5172,6 +5408,13 @@ func (m *ApplicationResourcePatchRequest) MarshalToSizedBuffer(dAtA []byte) (int i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Project != nil { + i -= len(*m.Project) + copy(dAtA[i:], *m.Project) + i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project))) + i-- + dAtA[i] = 0x52 + } if m.AppNamespace != nil { i -= len(*m.AppNamespace) copy(dAtA[i:], *m.AppNamespace) @@ -5274,6 +5517,13 @@ func (m *ApplicationResourceDeleteRequest) MarshalToSizedBuffer(dAtA []byte) (in i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Project != nil { + i -= len(*m.Project) + copy(dAtA[i:], *m.Project) + i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project))) + i-- + dAtA[i] = 0x52 + } if m.AppNamespace != nil { i -= len(*m.AppNamespace) copy(dAtA[i:], *m.AppNamespace) @@ -5378,6 +5628,13 @@ func (m *ResourceActionRunRequest) MarshalToSizedBuffer(dAtA []byte) (int, error i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Project != nil { + i -= len(*m.Project) + copy(dAtA[i:], *m.Project) + i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project))) + i-- + dAtA[i] = 0x4a + } if m.AppNamespace != nil { i -= len(*m.AppNamespace) copy(dAtA[i:], *m.AppNamespace) @@ -5548,6 +5805,15 @@ func (m *ApplicationPodLogsQuery) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Project != nil { + i -= len(*m.Project) + copy(dAtA[i:], *m.Project) + i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project))) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0x82 + } if m.AppNamespace != nil { i -= len(*m.AppNamespace) copy(dAtA[i:], *m.AppNamespace) @@ -5769,6 +6035,13 @@ func (m *OperationTerminateRequest) MarshalToSizedBuffer(dAtA []byte) (int, erro i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Project != nil { + i -= len(*m.Project) + copy(dAtA[i:], *m.Project) + i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project))) + i-- + dAtA[i] = 0x1a + } if m.AppNamespace != nil { i -= len(*m.AppNamespace) copy(dAtA[i:], *m.AppNamespace) @@ -5812,6 +6085,13 @@ func (m *ApplicationSyncWindowsQuery) MarshalToSizedBuffer(dAtA []byte) (int, er i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Project != nil { + i -= len(*m.Project) + copy(dAtA[i:], *m.Project) + i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project))) + i-- + dAtA[i] = 0x1a + } if m.AppNamespace != nil { i -= len(*m.AppNamespace) copy(dAtA[i:], *m.AppNamespace) @@ -6015,6 +6295,13 @@ func (m *ResourcesQuery) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Project != nil { + i -= len(*m.Project) + copy(dAtA[i:], *m.Project) + i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project))) + i-- + dAtA[i] = 0x42 + } if m.AppNamespace != nil { i -= len(*m.AppNamespace) copy(dAtA[i:], *m.AppNamespace) @@ -6234,6 +6521,13 @@ func (m *ListAppLinksRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Project != nil { + i -= len(*m.Project) + copy(dAtA[i:], *m.Project) + i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project))) + i-- + dAtA[i] = 0x22 + } if m.Namespace != nil { i -= len(*m.Namespace) copy(dAtA[i:], *m.Namespace) @@ -6350,6 +6644,10 @@ func (m *RevisionMetadataQuery) Size() (n int) { l = len(*m.AppNamespace) n += 1 + l + sovApplication(uint64(l)) } + if m.Project != nil { + l = len(*m.Project) + n += 1 + l + sovApplication(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6382,6 +6680,10 @@ func (m *ApplicationResourceEventsQuery) Size() (n int) { l = len(*m.AppNamespace) n += 1 + l + sovApplication(uint64(l)) } + if m.Project != nil { + l = len(*m.Project) + n += 1 + l + sovApplication(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6406,6 +6708,10 @@ func (m *ApplicationManifestQuery) Size() (n int) { l = len(*m.AppNamespace) n += 1 + l + sovApplication(uint64(l)) } + if m.Project != nil { + l = len(*m.Project) + n += 1 + l + sovApplication(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6446,6 +6752,10 @@ func (m *ApplicationManifestQueryWithFiles) Size() (n int) { l = len(*m.AppNamespace) n += 1 + l + sovApplication(uint64(l)) } + if m.Project != nil { + l = len(*m.Project) + n += 1 + l + sovApplication(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6538,6 +6848,10 @@ func (m *ApplicationUpdateRequest) Size() (n int) { if m.Validate != nil { n += 2 } + if m.Project != nil { + l = len(*m.Project) + n += 1 + l + sovApplication(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6565,6 +6879,10 @@ func (m *ApplicationDeleteRequest) Size() (n int) { l = len(*m.AppNamespace) n += 1 + l + sovApplication(uint64(l)) } + if m.Project != nil { + l = len(*m.Project) + n += 1 + l + sovApplication(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6643,6 +6961,10 @@ func (m *ApplicationSyncRequest) Size() (n int) { l = len(*m.AppNamespace) n += 1 + l + sovApplication(uint64(l)) } + if m.Project != nil { + l = len(*m.Project) + n += 1 + l + sovApplication(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6670,6 +6992,10 @@ func (m *ApplicationUpdateSpecRequest) Size() (n int) { l = len(*m.AppNamespace) n += 1 + l + sovApplication(uint64(l)) } + if m.Project != nil { + l = len(*m.Project) + n += 1 + l + sovApplication(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6698,6 +7024,10 @@ func (m *ApplicationPatchRequest) Size() (n int) { l = len(*m.AppNamespace) n += 1 + l + sovApplication(uint64(l)) } + if m.Project != nil { + l = len(*m.Project) + n += 1 + l + sovApplication(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6727,6 +7057,10 @@ func (m *ApplicationRollbackRequest) Size() (n int) { l = len(*m.AppNamespace) n += 1 + l + sovApplication(uint64(l)) } + if m.Project != nil { + l = len(*m.Project) + n += 1 + l + sovApplication(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6767,6 +7101,10 @@ func (m *ApplicationResourceRequest) Size() (n int) { l = len(*m.AppNamespace) n += 1 + l + sovApplication(uint64(l)) } + if m.Project != nil { + l = len(*m.Project) + n += 1 + l + sovApplication(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6815,6 +7153,10 @@ func (m *ApplicationResourcePatchRequest) Size() (n int) { l = len(*m.AppNamespace) n += 1 + l + sovApplication(uint64(l)) } + if m.Project != nil { + l = len(*m.Project) + n += 1 + l + sovApplication(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6861,6 +7203,10 @@ func (m *ApplicationResourceDeleteRequest) Size() (n int) { l = len(*m.AppNamespace) n += 1 + l + sovApplication(uint64(l)) } + if m.Project != nil { + l = len(*m.Project) + n += 1 + l + sovApplication(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6905,6 +7251,10 @@ func (m *ResourceActionRunRequest) Size() (n int) { l = len(*m.AppNamespace) n += 1 + l + sovApplication(uint64(l)) } + if m.Project != nil { + l = len(*m.Project) + n += 1 + l + sovApplication(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -7007,6 +7357,10 @@ func (m *ApplicationPodLogsQuery) Size() (n int) { l = len(*m.AppNamespace) n += 1 + l + sovApplication(uint64(l)) } + if m.Project != nil { + l = len(*m.Project) + n += 2 + l + sovApplication(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -7058,6 +7412,10 @@ func (m *OperationTerminateRequest) Size() (n int) { l = len(*m.AppNamespace) n += 1 + l + sovApplication(uint64(l)) } + if m.Project != nil { + l = len(*m.Project) + n += 1 + l + sovApplication(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -7078,6 +7436,10 @@ func (m *ApplicationSyncWindowsQuery) Size() (n int) { l = len(*m.AppNamespace) n += 1 + l + sovApplication(uint64(l)) } + if m.Project != nil { + l = len(*m.Project) + n += 1 + l + sovApplication(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -7184,6 +7546,10 @@ func (m *ResourcesQuery) Size() (n int) { l = len(*m.AppNamespace) n += 1 + l + sovApplication(uint64(l)) } + if m.Project != nil { + l = len(*m.Project) + n += 1 + l + sovApplication(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -7268,6 +7634,10 @@ func (m *ListAppLinksRequest) Size() (n int) { l = len(*m.Namespace) n += 1 + l + sovApplication(uint64(l)) } + if m.Project != nil { + l = len(*m.Project) + n += 1 + l + sovApplication(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -7841,6 +8211,39 @@ func (m *RevisionMetadataQuery) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.AppNamespace = &s iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.Project = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplication(dAtA[iNdEx:]) @@ -8065,6 +8468,39 @@ func (m *ApplicationResourceEventsQuery) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.AppNamespace = &s iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.Project = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplication(dAtA[iNdEx:]) @@ -8220,26 +8656,59 @@ func (m *ApplicationManifestQuery) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.AppNamespace = &s iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipApplication(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthApplication - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - if hasFields[0]&uint64(0x00000001) == 0 { - return github_com_gogo_protobuf_proto.NewRequiredNotSetError("name") - } - + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.Project = &s + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipApplication(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthApplication + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + if hasFields[0]&uint64(0x00000001) == 0 { + return github_com_gogo_protobuf_proto.NewRequiredNotSetError("name") + } + if iNdEx > l { return io.ErrUnexpectedEOF } @@ -8466,6 +8935,39 @@ func (m *ApplicationManifestQueryWithFiles) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.AppNamespace = &s iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.Project = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplication(dAtA[iNdEx:]) @@ -8888,6 +9390,39 @@ func (m *ApplicationUpdateRequest) Unmarshal(dAtA []byte) error { } b := bool(v != 0) m.Validate = &b + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.Project = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplication(dAtA[iNdEx:]) @@ -9064,6 +9599,39 @@ func (m *ApplicationDeleteRequest) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.AppNamespace = &s iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.Project = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplication(dAtA[iNdEx:]) @@ -9552,6 +10120,39 @@ func (m *ApplicationSyncRequest) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.AppNamespace = &s iNdEx = postIndex + case 13: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.Project = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplication(dAtA[iNdEx:]) @@ -9732,6 +10333,39 @@ func (m *ApplicationUpdateSpecRequest) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.AppNamespace = &s iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.Project = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplication(dAtA[iNdEx:]) @@ -9925,6 +10559,39 @@ func (m *ApplicationPatchRequest) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.AppNamespace = &s iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.Project = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplication(dAtA[iNdEx:]) @@ -10116,6 +10783,39 @@ func (m *ApplicationRollbackRequest) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.AppNamespace = &s iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.Project = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplication(dAtA[iNdEx:]) @@ -10407,7 +11107,40 @@ func (m *ApplicationResourceRequest) Unmarshal(dAtA []byte) error { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) - m.AppNamespace = &s + m.AppNamespace = &s + iNdEx = postIndex + case 8: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.Project = &s iNdEx = postIndex default: iNdEx = preIndex @@ -10776,6 +11509,39 @@ func (m *ApplicationResourcePatchRequest) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.AppNamespace = &s iNdEx = postIndex + case 10: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.Project = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplication(dAtA[iNdEx:]) @@ -11123,6 +11889,39 @@ func (m *ApplicationResourceDeleteRequest) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.AppNamespace = &s iNdEx = postIndex + case 10: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.Project = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplication(dAtA[iNdEx:]) @@ -11456,6 +12255,39 @@ func (m *ResourceActionRunRequest) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.AppNamespace = &s iNdEx = postIndex + case 9: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.Project = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplication(dAtA[iNdEx:]) @@ -12146,6 +12978,39 @@ func (m *ApplicationPodLogsQuery) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.AppNamespace = &s iNdEx = postIndex + case 16: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.Project = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplication(dAtA[iNdEx:]) @@ -12496,6 +13361,39 @@ func (m *OperationTerminateRequest) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.AppNamespace = &s iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.Project = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplication(dAtA[iNdEx:]) @@ -12618,6 +13516,39 @@ func (m *ApplicationSyncWindowsQuery) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.AppNamespace = &s iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.Project = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplication(dAtA[iNdEx:]) @@ -13289,6 +14220,39 @@ func (m *ResourcesQuery) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.AppNamespace = &s iNdEx = postIndex + case 8: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.Project = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplication(dAtA[iNdEx:]) @@ -13773,6 +14737,39 @@ func (m *ListAppLinksRequest) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.Namespace = &s iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.Project = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplication(dAtA[iNdEx:]) diff --git a/server/application/application.go b/server/application/application.go index ec5516dac6d2b..66908fdae7096 100644 --- a/server/application/application.go +++ b/server/application/application.go @@ -140,42 +140,88 @@ func NewServer( // getAppEnforceRBAC gets the Application with the given name in the given namespace. If no namespace is // specified, the Application is fetched from the default namespace (the one in which the API server is running). // -// If the Application does not exist, then we have no way of determining if the user would have had access to get that -// Application. Verifying access requires knowing the Application's name, namespace, and project. The user may specify, -// at minimum, the Application name. +// If the user does not provide a "project," then we have to be very careful how we respond. If an app with the given +// name exists, and the user has access to that app in the app's project, we return the app. If the app exists but the +// user does not have access, we return "permission denied." If the app does not exist, we return "permission denied" - +// if we responded with a 404, then the user could infer that the app exists when they get "permission denied." // -// So to prevent a malicious user from inferring the existence or absense of the Application or namespace, we respond -// "permission denied" if the Application does not exist. -func (s *Server) getAppEnforceRBAC(ctx context.Context, action, namespace, name string, getApp func() (*appv1.Application, error)) (*appv1.Application, error) { +// If the user does provide a "project," we can respond more specifically. If the user does not have access to the given +// app name in the given project, we return "permission denied." If the app exists, but the project is different from +func (s *Server) getAppEnforceRBAC(ctx context.Context, action, project, namespace, name string, getApp func() (*appv1.Application, error)) (*appv1.Application, error) { logCtx := log.WithFields(map[string]interface{}{ "application": name, "namespace": namespace, }) + if project != "" { + // The user has provided everything we need to perform an initial RBAC check. + givenRBACName := security.RBACName(s.ns, project, namespace, name) + if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplications, action, givenRBACName); err != nil { + logCtx.WithFields(map[string]interface{}{ + "project": project, + argocommon.SecurityField: argocommon.SecurityMedium, + }).Warnf("user tried to %s application which they do not have access to: %s", action, err) + // Do a GET on the app. This ensures that the timing of a "no access" response is the same as a "yes access, + // but the app is in a different project" response. We don't want the user inferring the existence of the + // app from response time. + _, _ = getApp() + return nil, permissionDeniedErr + } + } a, err := getApp() if err != nil { if apierr.IsNotFound(err) { + if project != "" { + // We know that the user was allowed to get the Application, but the Application does not exist. Return 404. + return nil, status.Errorf(codes.NotFound, apierr.NewNotFound(schema.GroupResource{Group: "argoproj.io", Resource: "applications"}, name).Error()) + } + // We don't know if the user was allowed to get the Application, and we don't want to leak information about + // the Application's existence. Return 403. logCtx.Warn("application does not exist") return nil, permissionDeniedErr } logCtx.Errorf("failed to get application: %s", err) return nil, permissionDeniedErr } + // Even if we performed an initial RBAC check (because the request was fully parameterized), we still need to + // perform a second RBAC check to ensure that the user has access to the actual Application's project (not just the + // project they specified in the request). if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplications, action, a.RBACName(s.ns)); err != nil { logCtx.WithFields(map[string]interface{}{ "project": a.Spec.Project, argocommon.SecurityField: argocommon.SecurityMedium, }).Warnf("user tried to %s application which they do not have access to: %s", action, err) + if project != "" { + // The user specified a project. We would have returned a 404 if the user had access to the app, but the app + // did not exist. So we have to return a 404 when the app does exist, but the user does not have access. + // Otherwise, they could infer that the app exists based on the error code. + return nil, status.Errorf(codes.NotFound, apierr.NewNotFound(schema.GroupResource{Group: "argoproj.io", Resource: "applications"}, name).Error()) + } + // The user didn't specify a project. We always return permission denied for both lack of access and lack of + // existence. return nil, permissionDeniedErr } + effectiveProject := "default" + if a.Spec.Project != "" { + effectiveProject = a.Spec.Project + } + if project != "" && effectiveProject != project { + logCtx.WithFields(map[string]interface{}{ + "project": a.Spec.Project, + argocommon.SecurityField: argocommon.SecurityMedium, + }).Warnf("user tried to %s application in project %s, but the application is in project %s", action, project, effectiveProject) + // The user has access to the app, but the app is in a different project. Return 404, meaning "app doesn't + // exist in that project". + return nil, status.Errorf(codes.NotFound, apierr.NewNotFound(schema.GroupResource{Group: "argoproj.io", Resource: "applications"}, name).Error()) + } return a, nil } // getApplicationEnforceRBACInformer uses an informer to get an Application. If the app does not exist, permission is // denied, or any other error occurs when getting the app, we return a permission denied error to obscure any sensitive // information. -func (s *Server) getApplicationEnforceRBACInformer(ctx context.Context, action, namespace, name string) (*appv1.Application, error) { +func (s *Server) getApplicationEnforceRBACInformer(ctx context.Context, action, project, namespace, name string) (*appv1.Application, error) { namespaceOrDefault := s.appNamespaceOrDefault(namespace) - return s.getAppEnforceRBAC(ctx, action, namespaceOrDefault, name, func() (*appv1.Application, error) { + return s.getAppEnforceRBAC(ctx, action, project, namespaceOrDefault, name, func() (*appv1.Application, error) { return s.appLister.Applications(namespaceOrDefault).Get(name) }) } @@ -183,9 +229,9 @@ func (s *Server) getApplicationEnforceRBACInformer(ctx context.Context, action, // getApplicationEnforceRBACClient uses a client to get an Application. If the app does not exist, permission is denied, // or any other error occurs when getting the app, we return a permission denied error to obscure any sensitive // information. -func (s *Server) getApplicationEnforceRBACClient(ctx context.Context, action, namespace, name, resourceVersion string) (*appv1.Application, error) { +func (s *Server) getApplicationEnforceRBACClient(ctx context.Context, action, project, namespace, name, resourceVersion string) (*appv1.Application, error) { namespaceOrDefault := s.appNamespaceOrDefault(namespace) - return s.getAppEnforceRBAC(ctx, action, namespaceOrDefault, name, func() (*appv1.Application, error) { + return s.getAppEnforceRBAC(ctx, action, project, namespaceOrDefault, name, func() (*appv1.Application, error) { return s.appclientset.ArgoprojV1alpha1().Applications(namespaceOrDefault).Get(ctx, name, metav1.GetOptions{ ResourceVersion: resourceVersion, }) @@ -379,7 +425,7 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan if q.Name == nil || *q.Name == "" { return nil, fmt.Errorf("invalid request: application name is missing") } - a, err := s.getApplicationEnforceRBACInformer(ctx, rbacpolicy.ActionGet, q.GetAppNamespace(), q.GetName()) + a, err := s.getApplicationEnforceRBACInformer(ctx, rbacpolicy.ActionGet, q.GetProject(), q.GetAppNamespace(), q.GetName()) if err != nil { return nil, err } @@ -484,7 +530,7 @@ func (s *Server) GetManifestsWithFiles(stream application.ApplicationService_Get return fmt.Errorf("invalid request: application name is missing") } - a, err := s.getApplicationEnforceRBACInformer(ctx, rbacpolicy.ActionGet, query.GetAppNamespace(), query.GetName()) + a, err := s.getApplicationEnforceRBACInformer(ctx, rbacpolicy.ActionGet, query.GetProject(), query.GetAppNamespace(), query.GetName()) if err != nil { return err } @@ -590,10 +636,17 @@ func (s *Server) Get(ctx context.Context, q *application.ApplicationQuery) (*app appName := q.GetName() appNs := s.appNamespaceOrDefault(q.GetAppNamespace()) + project := "" + projects := getProjectsFromApplicationQuery(*q) + if len(projects) == 1 { + project = projects[0] + } else if len(projects) > 1 { + return nil, status.Errorf(codes.InvalidArgument, "multiple projects specified - the get endpoint accepts either zero or one project") + } // We must use a client Get instead of an informer Get, because it's common to call Get immediately // following a Watch (which is not yet powered by an informer), and the Get must reflect what was // previously seen by the client. - a, err := s.getApplicationEnforceRBACClient(ctx, rbacpolicy.ActionGet, appNs, appName, q.GetResourceVersion()) + a, err := s.getApplicationEnforceRBACClient(ctx, rbacpolicy.ActionGet, project, appNs, appName, q.GetResourceVersion()) if err != nil { return nil, err } @@ -676,7 +729,7 @@ func (s *Server) Get(ctx context.Context, q *application.ApplicationQuery) (*app // ListResourceEvents returns a list of event resources func (s *Server) ListResourceEvents(ctx context.Context, q *application.ApplicationResourceEventsQuery) (*v1.EventList, error) { - a, err := s.getApplicationEnforceRBACInformer(ctx, rbacpolicy.ActionGet, q.GetAppNamespace(), q.GetName()) + a, err := s.getApplicationEnforceRBACInformer(ctx, rbacpolicy.ActionGet, q.GetProject(), q.GetAppNamespace(), q.GetName()) if err != nil { return nil, err } @@ -738,11 +791,13 @@ func (s *Server) ListResourceEvents(ctx context.Context, q *application.Applicat return list, nil } -func (s *Server) validateAndUpdateApp(ctx context.Context, newApp *appv1.Application, merge bool, validate bool, action string) (*appv1.Application, error) { +// validateAndUpdateApp validates and updates the application. currentProject is the name of the project the app +// currently is under. If not specified, we assume that the app is under the project specified in the app spec. +func (s *Server) validateAndUpdateApp(ctx context.Context, newApp *appv1.Application, merge bool, validate bool, action string, currentProject string) (*appv1.Application, error) { s.projectLock.RLock(newApp.Spec.GetProject()) defer s.projectLock.RUnlock(newApp.Spec.GetProject()) - app, err := s.getApplicationEnforceRBACClient(ctx, action, newApp.Namespace, newApp.Name, "") + app, err := s.getApplicationEnforceRBACClient(ctx, action, currentProject, newApp.Namespace, newApp.Name, "") if err != nil { return nil, err } @@ -840,7 +895,7 @@ func (s *Server) updateApp(app *appv1.Application, newApp *appv1.Application, ct // Update updates an application func (s *Server) Update(ctx context.Context, q *application.ApplicationUpdateRequest) (*appv1.Application, error) { if q.GetApplication() == nil { - return nil, fmt.Errorf("error creating application: application is nil in request") + return nil, fmt.Errorf("error updating application: application is nil in request") } a := q.GetApplication() if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplications, rbacpolicy.ActionUpdate, a.RBACName(s.ns)); err != nil { @@ -851,7 +906,7 @@ func (s *Server) Update(ctx context.Context, q *application.ApplicationUpdateReq if q.Validate != nil { validate = *q.Validate } - return s.validateAndUpdateApp(ctx, q.Application, false, validate, rbacpolicy.ActionUpdate) + return s.validateAndUpdateApp(ctx, q.Application, false, validate, rbacpolicy.ActionUpdate, q.GetProject()) } // UpdateSpec updates an application spec and filters out any invalid parameter overrides @@ -859,7 +914,7 @@ func (s *Server) UpdateSpec(ctx context.Context, q *application.ApplicationUpdat if q.GetSpec() == nil { return nil, fmt.Errorf("error updating application spec: spec is nil in request") } - a, err := s.getApplicationEnforceRBACClient(ctx, rbacpolicy.ActionUpdate, q.GetAppNamespace(), q.GetName(), "") + a, err := s.getApplicationEnforceRBACClient(ctx, rbacpolicy.ActionUpdate, q.GetProject(), q.GetAppNamespace(), q.GetName(), "") if err != nil { return nil, err } @@ -869,7 +924,7 @@ func (s *Server) UpdateSpec(ctx context.Context, q *application.ApplicationUpdat if q.Validate != nil { validate = *q.Validate } - a, err = s.validateAndUpdateApp(ctx, a, false, validate, rbacpolicy.ActionUpdate) + a, err = s.validateAndUpdateApp(ctx, a, false, validate, rbacpolicy.ActionUpdate, q.GetProject()) if err != nil { return nil, fmt.Errorf("error validating and updating app: %w", err) } @@ -878,7 +933,7 @@ func (s *Server) UpdateSpec(ctx context.Context, q *application.ApplicationUpdat // Patch patches an application func (s *Server) Patch(ctx context.Context, q *application.ApplicationPatchRequest) (*appv1.Application, error) { - app, err := s.getApplicationEnforceRBACClient(ctx, rbacpolicy.ActionGet, q.GetAppNamespace(), q.GetName(), "") + app, err := s.getApplicationEnforceRBACClient(ctx, rbacpolicy.ActionGet, q.GetProject(), q.GetAppNamespace(), q.GetName(), "") if err != nil { return nil, err } @@ -918,14 +973,14 @@ func (s *Server) Patch(ctx context.Context, q *application.ApplicationPatchReque if err != nil { return nil, fmt.Errorf("error unmarshaling patched app: %w", err) } - return s.validateAndUpdateApp(ctx, newApp, false, true, rbacpolicy.ActionUpdate) + return s.validateAndUpdateApp(ctx, newApp, false, true, rbacpolicy.ActionUpdate, q.GetProject()) } // Delete removes an application and all associated resources func (s *Server) Delete(ctx context.Context, q *application.ApplicationDeleteRequest) (*application.ApplicationResponse, error) { appName := q.GetName() appNs := s.appNamespaceOrDefault(q.GetAppNamespace()) - a, err := s.getApplicationEnforceRBACClient(ctx, rbacpolicy.ActionGet, appNs, appName, "") + a, err := s.getApplicationEnforceRBACClient(ctx, rbacpolicy.ActionGet, q.GetProject(), appNs, appName, "") if err != nil { return nil, err } @@ -1193,7 +1248,7 @@ func (s *Server) getAppResources(ctx context.Context, a *appv1.Application) (*ap } func (s *Server) getAppLiveResource(ctx context.Context, action string, q *application.ApplicationResourceRequest) (*appv1.ResourceNode, *rest.Config, *appv1.Application, error) { - a, err := s.getApplicationEnforceRBACInformer(ctx, action, q.GetAppNamespace(), q.GetName()) + a, err := s.getApplicationEnforceRBACInformer(ctx, action, q.GetProject(), q.GetAppNamespace(), q.GetName()) if err != nil { return nil, nil, nil, err } @@ -1260,6 +1315,7 @@ func (s *Server) PatchResource(ctx context.Context, q *application.ApplicationRe Kind: q.Kind, Version: q.Version, Group: q.Group, + Project: q.Project, } res, config, a, err := s.getAppLiveResource(ctx, rbacpolicy.ActionUpdate, resourceRequest) if err != nil { @@ -1302,6 +1358,7 @@ func (s *Server) DeleteResource(ctx context.Context, q *application.ApplicationR Kind: q.Kind, Version: q.Version, Group: q.Group, + Project: q.Project, } res, config, a, err := s.getAppLiveResource(ctx, rbacpolicy.ActionDelete, resourceRequest) if err != nil { @@ -1328,7 +1385,7 @@ func (s *Server) DeleteResource(ctx context.Context, q *application.ApplicationR } func (s *Server) ResourceTree(ctx context.Context, q *application.ResourcesQuery) (*appv1.ApplicationTree, error) { - a, err := s.getApplicationEnforceRBACInformer(ctx, rbacpolicy.ActionGet, q.GetAppNamespace(), q.GetApplicationName()) + a, err := s.getApplicationEnforceRBACInformer(ctx, rbacpolicy.ActionGet, q.GetProject(), q.GetAppNamespace(), q.GetApplicationName()) if err != nil { return nil, err } @@ -1337,7 +1394,7 @@ func (s *Server) ResourceTree(ctx context.Context, q *application.ResourcesQuery } func (s *Server) WatchResourceTree(q *application.ResourcesQuery, ws application.ApplicationService_WatchResourceTreeServer) error { - _, err := s.getApplicationEnforceRBACInformer(ws.Context(), rbacpolicy.ActionGet, q.GetAppNamespace(), q.GetApplicationName()) + _, err := s.getApplicationEnforceRBACInformer(ws.Context(), rbacpolicy.ActionGet, q.GetProject(), q.GetAppNamespace(), q.GetApplicationName()) if err != nil { return err } @@ -1353,7 +1410,7 @@ func (s *Server) WatchResourceTree(q *application.ResourcesQuery, ws application } func (s *Server) RevisionMetadata(ctx context.Context, q *application.RevisionMetadataQuery) (*appv1.RevisionMetadata, error) { - a, err := s.getApplicationEnforceRBACInformer(ctx, rbacpolicy.ActionGet, q.GetAppNamespace(), q.GetName()) + a, err := s.getApplicationEnforceRBACInformer(ctx, rbacpolicy.ActionGet, q.GetProject(), q.GetAppNamespace(), q.GetName()) if err != nil { return nil, err } @@ -1383,7 +1440,7 @@ func (s *Server) RevisionMetadata(ctx context.Context, q *application.RevisionMe // RevisionChartDetails returns the helm chart metadata, as fetched from the reposerver func (s *Server) RevisionChartDetails(ctx context.Context, q *application.RevisionMetadataQuery) (*appv1.ChartDetails, error) { - a, err := s.getApplicationEnforceRBACInformer(ctx, rbacpolicy.ActionGet, q.GetAppNamespace(), q.GetName()) + a, err := s.getApplicationEnforceRBACInformer(ctx, rbacpolicy.ActionGet, q.GetProject(), q.GetAppNamespace(), q.GetName()) if err != nil { return nil, err } @@ -1414,7 +1471,7 @@ func isMatchingResource(q *application.ResourcesQuery, key kube.ResourceKey) boo } func (s *Server) ManagedResources(ctx context.Context, q *application.ResourcesQuery) (*application.ManagedResourcesResponse, error) { - a, err := s.getApplicationEnforceRBACInformer(ctx, rbacpolicy.ActionGet, q.GetAppNamespace(), q.GetApplicationName()) + a, err := s.getApplicationEnforceRBACInformer(ctx, rbacpolicy.ActionGet, q.GetProject(), q.GetAppNamespace(), q.GetApplicationName()) if err != nil { return nil, err } @@ -1471,7 +1528,7 @@ func (s *Server) PodLogs(q *application.ApplicationPodLogsQuery, ws application. } } - a, err := s.getApplicationEnforceRBACInformer(ws.Context(), rbacpolicy.ActionGet, q.GetAppNamespace(), q.GetName()) + a, err := s.getApplicationEnforceRBACInformer(ws.Context(), rbacpolicy.ActionGet, q.GetProject(), q.GetAppNamespace(), q.GetName()) if err != nil { return err } @@ -1663,7 +1720,7 @@ func isTheSelectedOne(currentNode *appv1.ResourceNode, q *application.Applicatio // Sync syncs an application to its target state func (s *Server) Sync(ctx context.Context, syncReq *application.ApplicationSyncRequest) (*appv1.Application, error) { - a, err := s.getApplicationEnforceRBACClient(ctx, rbacpolicy.ActionGet, syncReq.GetAppNamespace(), syncReq.GetName(), "") + a, err := s.getApplicationEnforceRBACClient(ctx, rbacpolicy.ActionGet, syncReq.GetProject(), syncReq.GetAppNamespace(), syncReq.GetName(), "") if err != nil { return nil, err } @@ -1772,7 +1829,7 @@ func (s *Server) Sync(ctx context.Context, syncReq *application.ApplicationSyncR } func (s *Server) Rollback(ctx context.Context, rollbackReq *application.ApplicationRollbackRequest) (*appv1.Application, error) { - a, err := s.getApplicationEnforceRBACClient(ctx, rbacpolicy.ActionSync, rollbackReq.GetAppNamespace(), rollbackReq.GetName(), "") + a, err := s.getApplicationEnforceRBACClient(ctx, rbacpolicy.ActionSync, rollbackReq.GetProject(), rollbackReq.GetAppNamespace(), rollbackReq.GetName(), "") if err != nil { return nil, err } @@ -1831,7 +1888,7 @@ func (s *Server) Rollback(ctx context.Context, rollbackReq *application.Applicat } func (s *Server) ListLinks(ctx context.Context, req *application.ListAppLinksRequest) (*application.LinksResponse, error) { - a, err := s.getApplicationEnforceRBACClient(ctx, rbacpolicy.ActionGet, req.GetNamespace(), req.GetName(), "") + a, err := s.getApplicationEnforceRBACClient(ctx, rbacpolicy.ActionGet, req.GetProject(), req.GetNamespace(), req.GetName(), "") if err != nil { return nil, err } @@ -1985,7 +2042,7 @@ func (s *Server) resolveRevision(ctx context.Context, app *appv1.Application, sy func (s *Server) TerminateOperation(ctx context.Context, termOpReq *application.OperationTerminateRequest) (*application.OperationTerminateResponse, error) { appName := termOpReq.GetName() appNs := s.appNamespaceOrDefault(termOpReq.GetAppNamespace()) - a, err := s.getApplicationEnforceRBACClient(ctx, rbacpolicy.ActionSync, appNs, appName, "") + a, err := s.getApplicationEnforceRBACClient(ctx, rbacpolicy.ActionSync, termOpReq.GetProject(), appNs, appName, "") if err != nil { return nil, err } @@ -2058,7 +2115,7 @@ func (s *Server) ListResourceActions(ctx context.Context, q *application.Applica func (s *Server) getUnstructuredLiveResourceOrApp(ctx context.Context, rbacRequest string, q *application.ApplicationResourceRequest) (obj *unstructured.Unstructured, res *appv1.ResourceNode, app *appv1.Application, config *rest.Config, err error) { if q.GetKind() == applicationType.ApplicationKind && q.GetGroup() == applicationType.Group && q.GetName() == q.GetResourceName() { - app, err = s.getApplicationEnforceRBACInformer(ctx, rbacRequest, q.GetAppNamespace(), q.GetName()) + app, err = s.getApplicationEnforceRBACInformer(ctx, rbacRequest, q.GetProject(), q.GetAppNamespace(), q.GetName()) if err != nil { return nil, nil, nil, nil, err } @@ -2113,6 +2170,7 @@ func (s *Server) RunResourceAction(ctx context.Context, q *application.ResourceA Kind: q.Kind, Version: q.Version, Group: q.Group, + Project: q.Project, } actionRequest := fmt.Sprintf("%s/%s/%s/%s", rbacpolicy.ActionAction, q.GetGroup(), q.GetKind(), q.GetAction()) liveObj, res, a, config, err := s.getUnstructuredLiveResourceOrApp(ctx, actionRequest, resourceRequest) @@ -2321,7 +2379,7 @@ func splitStatusPatch(patch []byte) ([]byte, []byte, error) { } func (s *Server) GetApplicationSyncWindows(ctx context.Context, q *application.ApplicationSyncWindowsQuery) (*application.ApplicationSyncWindowsResponse, error) { - a, err := s.getApplicationEnforceRBACClient(ctx, rbacpolicy.ActionGet, q.GetAppNamespace(), q.GetName(), "") + a, err := s.getApplicationEnforceRBACClient(ctx, rbacpolicy.ActionGet, q.GetProject(), q.GetAppNamespace(), q.GetName(), "") if err != nil { return nil, err } diff --git a/server/application/application.proto b/server/application/application.proto index 7cb268d7d2a7d..53f161795902d 100644 --- a/server/application/application.proto +++ b/server/application/application.proto @@ -13,7 +13,11 @@ import "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1/generated.p import "github.com/argoproj/argo-cd/v2/reposerver/repository/repository.proto"; -// ApplicationQuery is a query for application resources +// ApplicationQuery is a query for application resources. When getting multiple applications, the "projects" field acts +// as a filter. When getting a single application, you may specify either zero or one project. If you specify zero +// projects, the application will be returned regardless of which project it belongs to (assuming you have access). If +// you specify one project, the application will only be returned if it exists and belongs to the specified project. +// Otherwise you will receive a 404. message ApplicationQuery { // the application's name optional string name = 1; @@ -46,6 +50,7 @@ message RevisionMetadataQuery{ required string revision = 2; // the application's namespace optional string appNamespace = 3; + optional string project = 4; } // ApplicationEventsQuery is a query for application resource events @@ -55,6 +60,7 @@ message ApplicationResourceEventsQuery { optional string resourceName = 3; optional string resourceUID = 4; optional string appNamespace = 5; + optional string project = 6; } // ManifestQuery is a query for manifest resources @@ -62,6 +68,7 @@ message ApplicationManifestQuery { required string name = 1; optional string revision = 2; optional string appNamespace = 3; + optional string project = 4; } message FileChunk { @@ -72,6 +79,7 @@ message ApplicationManifestQueryWithFiles { required string name = 1; required string checksum = 2; optional string appNamespace = 3; + optional string project = 4; } message ApplicationManifestQueryWithFilesWrapper { @@ -92,6 +100,7 @@ message ApplicationCreateRequest { message ApplicationUpdateRequest { required github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Application application = 1; optional bool validate = 2; + optional string project = 3; } message ApplicationDeleteRequest { @@ -99,6 +108,7 @@ message ApplicationDeleteRequest { optional bool cascade = 2; optional string propagationPolicy = 3; optional string appNamespace = 4; + optional string project = 5; } message SyncOptions { @@ -118,6 +128,7 @@ message ApplicationSyncRequest { optional github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.RetryStrategy retryStrategy = 10; optional SyncOptions syncOptions = 11; optional string appNamespace = 12; + optional string project = 13; } // ApplicationUpdateSpecRequest is a request to update application spec @@ -126,6 +137,7 @@ message ApplicationUpdateSpecRequest { required github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSpec spec = 2; optional bool validate = 3; optional string appNamespace = 4; + optional string project = 5; } // ApplicationPatchRequest is a request to patch an application @@ -134,6 +146,7 @@ message ApplicationPatchRequest { required string patch = 2; required string patchType = 3; optional string appNamespace = 5; + optional string project = 6; } message ApplicationRollbackRequest { @@ -142,6 +155,7 @@ message ApplicationRollbackRequest { optional bool dryRun = 3; optional bool prune = 4; optional string appNamespace = 6; + optional string project = 7; } message ApplicationResourceRequest { @@ -152,6 +166,7 @@ message ApplicationResourceRequest { optional string group = 5; required string kind = 6; optional string appNamespace = 7; + optional string project = 8; } message ApplicationResourcePatchRequest { @@ -164,6 +179,7 @@ message ApplicationResourcePatchRequest { required string patch = 7; required string patchType = 8; optional string appNamespace = 9; + optional string project = 10; } message ApplicationResourceDeleteRequest { @@ -176,6 +192,7 @@ message ApplicationResourceDeleteRequest { optional bool force = 7; optional bool orphan = 8; optional string appNamespace = 9; + optional string project = 10; } message ResourceActionRunRequest { @@ -187,6 +204,7 @@ message ResourceActionRunRequest { required string kind = 6; required string action = 7; optional string appNamespace = 8; + optional string project = 9; } message ResourceActionsListResponse { @@ -213,6 +231,7 @@ message ApplicationPodLogsQuery { optional string resourceName = 13 ; optional bool previous = 14; optional string appNamespace = 15; + optional string project = 16; } message LogEntry { @@ -227,11 +246,13 @@ message LogEntry { message OperationTerminateRequest { required string name = 1; optional string appNamespace = 2; + optional string project = 3; } message ApplicationSyncWindowsQuery { required string name = 1; optional string appNamespace = 2; + optional string project = 3; } message ApplicationSyncWindowsResponse { @@ -260,6 +281,7 @@ message ResourcesQuery { optional string group = 5; optional string kind = 6; optional string appNamespace = 7; + optional string project = 8; } message ManagedResourcesResponse { @@ -280,6 +302,7 @@ message LinksResponse { message ListAppLinksRequest { required string name = 1; optional string namespace = 3; + optional string project = 4; } diff --git a/server/application/application_test.go b/server/application/application_test.go index de647bfede4c8..57b740a6f1ea4 100644 --- a/server/application/application_test.go +++ b/server/application/application_test.go @@ -5,12 +5,13 @@ import ( coreerrors "errors" "fmt" "io" - "k8s.io/apimachinery/pkg/labels" "strconv" "sync/atomic" "testing" "time" + "k8s.io/apimachinery/pkg/labels" + "github.com/argoproj/gitops-engine/pkg/health" synccommon "github.com/argoproj/gitops-engine/pkg/sync/common" "github.com/argoproj/gitops-engine/pkg/utils/kube" @@ -570,6 +571,7 @@ type TestServerStream struct { ctx context.Context appName string headerSent bool + project string } func (t *TestServerStream) SetHeader(metadata.MD) error { @@ -604,6 +606,7 @@ func (t *TestServerStream) Recv() (*application.ApplicationManifestQueryWithFile return &application.ApplicationManifestQueryWithFilesWrapper{Part: &application.ApplicationManifestQueryWithFilesWrapper_Query{ Query: &application.ApplicationManifestQueryWithFiles{ Name: pointer.String(t.appName), + Project: pointer.String(t.project), Checksum: pointer.String(""), }, }}, nil @@ -764,6 +767,9 @@ func TestNoAppEnumeration(t *testing.T) { // nolint:staticcheck _, err = appServer.Get(adminCtx, &application.ApplicationQuery{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + // nolint:staticcheck + _, err = appServer.Get(adminCtx, &application.ApplicationQuery{Name: pointer.String("doest-not-exist"), Project: []string{"test"}}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("GetManifests", func(t *testing.T) { @@ -773,6 +779,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") _, err = appServer.GetManifests(adminCtx, &application.ApplicationManifestQuery{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.GetManifests(adminCtx, &application.ApplicationManifestQuery{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("ListResourceEvents", func(t *testing.T) { @@ -782,6 +790,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") _, err = appServer.ListResourceEvents(adminCtx, &application.ApplicationResourceEventsQuery{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.ListResourceEvents(adminCtx, &application.ApplicationResourceEventsQuery{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("UpdateSpec", func(t *testing.T) { @@ -800,6 +810,11 @@ func TestNoAppEnumeration(t *testing.T) { Source: &appsv1.ApplicationSource{RepoURL: "https://some-fake-source", Path: "."}, }}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.UpdateSpec(adminCtx, &application.ApplicationUpdateSpecRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test"), Spec: &appsv1.ApplicationSpec{ + Destination: appsv1.ApplicationDestination{Namespace: "default", Server: "https://cluster-api.com"}, + Source: &appsv1.ApplicationSource{RepoURL: "https://some-fake-source", Path: "."}, + }}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("Patch", func(t *testing.T) { @@ -809,6 +824,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") _, err = appServer.Patch(adminCtx, &application.ApplicationPatchRequest{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.Patch(adminCtx, &application.ApplicationPatchRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("GetResource", func(t *testing.T) { @@ -818,6 +835,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") _, err = appServer.GetResource(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("doest-not-exist"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.GetResource(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("PatchResource", func(t *testing.T) { @@ -829,6 +848,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") _, err = appServer.PatchResource(adminCtx, &application.ApplicationResourcePatchRequest{Name: pointer.String("doest-not-exist"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test"), Patch: pointer.String(`[{"op": "replace", "path": "/spec/replicas", "value": 3}]`)}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.PatchResource(adminCtx, &application.ApplicationResourcePatchRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test"), Patch: pointer.String(`[{"op": "replace", "path": "/spec/replicas", "value": 3}]`)}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("DeleteResource", func(t *testing.T) { @@ -838,6 +859,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") _, err = appServer.DeleteResource(adminCtx, &application.ApplicationResourceDeleteRequest{Name: pointer.String("doest-not-exist"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.DeleteResource(adminCtx, &application.ApplicationResourceDeleteRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("ResourceTree", func(t *testing.T) { @@ -847,6 +870,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") _, err = appServer.ResourceTree(adminCtx, &application.ResourcesQuery{ApplicationName: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.ResourceTree(adminCtx, &application.ResourcesQuery{ApplicationName: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("RevisionMetadata", func(t *testing.T) { @@ -856,6 +881,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") _, err = appServer.RevisionMetadata(adminCtx, &application.RevisionMetadataQuery{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.RevisionMetadata(adminCtx, &application.RevisionMetadataQuery{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("RevisionChartDetails", func(t *testing.T) { @@ -865,6 +892,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") _, err = appServer.RevisionChartDetails(adminCtx, &application.RevisionMetadataQuery{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.RevisionChartDetails(adminCtx, &application.RevisionMetadataQuery{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("ManagedResources", func(t *testing.T) { @@ -874,6 +903,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") _, err = appServer.ManagedResources(adminCtx, &application.ResourcesQuery{ApplicationName: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.ManagedResources(adminCtx, &application.ResourcesQuery{ApplicationName: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("Sync", func(t *testing.T) { @@ -883,6 +914,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") _, err = appServer.Sync(adminCtx, &application.ApplicationSyncRequest{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.Sync(adminCtx, &application.ApplicationSyncRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("TerminateOperation", func(t *testing.T) { @@ -895,6 +928,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") _, err = appServer.TerminateOperation(adminCtx, &application.OperationTerminateRequest{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.TerminateOperation(adminCtx, &application.OperationTerminateRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("Rollback", func(t *testing.T) { @@ -905,6 +940,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") _, err = appServer.Rollback(adminCtx, &application.ApplicationRollbackRequest{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.Rollback(adminCtx, &application.ApplicationRollbackRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("ListResourceActions", func(t *testing.T) { @@ -916,6 +953,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") _, err = appServer.ListResourceActions(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.ListResourceActions(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("RunResourceAction", func(t *testing.T) { @@ -927,6 +966,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") _, err = appServer.RunResourceAction(adminCtx, &application.ResourceActionRunRequest{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.RunResourceAction(adminCtx, &application.ResourceActionRunRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("GetApplicationSyncWindows", func(t *testing.T) { @@ -936,6 +977,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") _, err = appServer.GetApplicationSyncWindows(adminCtx, &application.ApplicationSyncWindowsQuery{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.GetApplicationSyncWindows(adminCtx, &application.ApplicationSyncWindowsQuery{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("GetManifestsWithFiles", func(t *testing.T) { @@ -945,6 +988,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") err = appServer.GetManifestsWithFiles(&TestServerStream{ctx: adminCtx, appName: "does-not-exist"}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + err = appServer.GetManifestsWithFiles(&TestServerStream{ctx: adminCtx, appName: "does-not-exist", project: "test"}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"does-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("WatchResourceTree", func(t *testing.T) { @@ -954,6 +999,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") err = appServer.WatchResourceTree(&application.ResourcesQuery{ApplicationName: pointer.String("does-not-exist")}, &TestResourceTreeServer{ctx: adminCtx}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + err = appServer.WatchResourceTree(&application.ResourcesQuery{ApplicationName: pointer.String("does-not-exist"), Project: pointer.String("test")}, &TestResourceTreeServer{ctx: adminCtx}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"does-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("PodLogs", func(t *testing.T) { @@ -963,6 +1010,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") err = appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: pointer.String("does-not-exist")}, &TestPodLogsServer{ctx: adminCtx}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + err = appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: pointer.String("does-not-exist"), Project: pointer.String("test")}, &TestPodLogsServer{ctx: adminCtx}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"does-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("ListLinks", func(t *testing.T) { @@ -972,6 +1021,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") _, err = appServer.ListLinks(adminCtx, &application.ListAppLinksRequest{Name: pointer.String("does-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.ListLinks(adminCtx, &application.ListAppLinksRequest{Name: pointer.String("does-not-exist"), Project: pointer.String("test")}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"does-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("ListResourceLinks", func(t *testing.T) { @@ -981,6 +1032,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") _, err = appServer.ListResourceLinks(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("does-not-exist"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.ListResourceLinks(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("does-not-exist"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test"), Project: pointer.String("test")}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"does-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) // Do this last so other stuff doesn't fail. @@ -991,6 +1044,8 @@ func TestNoAppEnumeration(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") _, err = appServer.Delete(adminCtx, &application.ApplicationDeleteRequest{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") + _, err = appServer.Delete(adminCtx, &application.ApplicationDeleteRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) } @@ -1650,7 +1705,7 @@ p, admin, applications, update, default/test-app, allow p, admin, applications, create, my-proj/test-app, allow `) _, err := appServer.Update(ctx, &application.ApplicationUpdateRequest{Application: testApp}) - assert.Equal(t, status.Code(err), codes.PermissionDenied) + assert.Equal(t, codes.PermissionDenied, status.Code(err)) }) t.Run("cannot change projects without update privileges in old project", func(t *testing.T) { From 558cc8e05e1ccd61b9c4d411ad25e3e07baf109f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Jul 2023 07:56:25 -0400 Subject: [PATCH 028/105] chore(deps): bump github.com/aws/aws-sdk-go from 1.44.301 to 1.44.304 (#14609) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.301 to 1.44.304. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.301...v1.44.304) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 65b0957ad9c1b..12a7f38f7bd9e 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/argoproj/gitops-engine v0.7.1-0.20230607163028-425d65e07695 github.com/argoproj/notifications-engine v0.4.1-0.20230620204159-3446d4ae8520 github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 - github.com/aws/aws-sdk-go v1.44.301 + github.com/aws/aws-sdk-go v1.44.304 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.6.0 diff --git a/go.sum b/go.sum index 95f7983b428fe..2a77aaf62d19d 100644 --- a/go.sum +++ b/go.sum @@ -716,8 +716,8 @@ github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.301 h1:VofuXktwHFTBUvoPiHxQis/3uKgu0RtgUwLtNujd3Zs= -github.com/aws/aws-sdk-go v1.44.301/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.304 h1:crcJBVeewWcVAXDQChzJWZYGFq9i1TYLycAtQ6Xpi4c= +github.com/aws/aws-sdk-go v1.44.304/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= From 340504a195a16aebb45b123f7f9e0f37025451a9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Jul 2023 07:57:17 -0400 Subject: [PATCH 029/105] chore(deps): bump github.com/xanzy/go-gitlab from 0.86.0 to 0.87.0 (#14610) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.86.0 to 0.87.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.86.0...v0.87.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 12a7f38f7bd9e..db3096d5f665b 100644 --- a/go.mod +++ b/go.mod @@ -70,7 +70,7 @@ require ( github.com/stretchr/testify v1.8.4 github.com/valyala/fasttemplate v1.2.2 github.com/whilp/git-urls v1.0.0 - github.com/xanzy/go-gitlab v0.86.0 + github.com/xanzy/go-gitlab v0.87.0 github.com/yuin/gopher-lua v1.1.0 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 go.opentelemetry.io/otel v1.16.0 diff --git a/go.sum b/go.sum index 2a77aaf62d19d..58a7de224bc64 100644 --- a/go.sum +++ b/go.sum @@ -1798,8 +1798,8 @@ github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU= github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE= -github.com/xanzy/go-gitlab v0.86.0 h1:jR8V9cK9jXRQDb46KOB20NCF3ksY09luaG0IfXE6p7w= -github.com/xanzy/go-gitlab v0.86.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= +github.com/xanzy/go-gitlab v0.87.0 h1:voCJlBllibaHH7wNnAz6HxMEN4b5aA4tOM6VizAbGG8= +github.com/xanzy/go-gitlab v0.87.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= From 7bc5804b04274a0bf9c2a3105aacba4aa9d4dceb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Jul 2023 07:57:57 -0400 Subject: [PATCH 030/105] chore(deps): bump github.com/antonmedv/expr from 1.12.6 to 1.12.7 (#14611) Bumps [github.com/antonmedv/expr](https://github.com/antonmedv/expr) from 1.12.6 to 1.12.7. - [Release notes](https://github.com/antonmedv/expr/releases) - [Commits](https://github.com/antonmedv/expr/compare/v1.12.6...v1.12.7) --- updated-dependencies: - dependency-name: github.com/antonmedv/expr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index db3096d5f665b..b5ba47c00c103 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.3 github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d github.com/alicebob/miniredis/v2 v2.30.4 - github.com/antonmedv/expr v1.12.6 + github.com/antonmedv/expr v1.12.7 github.com/argoproj/gitops-engine v0.7.1-0.20230607163028-425d65e07695 github.com/argoproj/notifications-engine v0.4.1-0.20230620204159-3446d4ae8520 github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 diff --git a/go.sum b/go.sum index 58a7de224bc64..f72f5dc1e12ec 100644 --- a/go.sum +++ b/go.sum @@ -685,8 +685,8 @@ github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHG github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= -github.com/antonmedv/expr v1.12.6 h1:qtgMHOFissxhePwokx0xB9eqS6PUy0SbhDRPD67PInA= -github.com/antonmedv/expr v1.12.6/go.mod h1:FPC8iWArxls7axbVLsW+kpg1mz29A1b2M6jt+hZfDkU= +github.com/antonmedv/expr v1.12.7 h1:jfV/l/+dHWAadLwAtESXNxXdfbK9bE4+FNMHYCMntwk= +github.com/antonmedv/expr v1.12.7/go.mod h1:FPC8iWArxls7axbVLsW+kpg1mz29A1b2M6jt+hZfDkU= github.com/apache/arrow/go/v10 v10.0.1/go.mod h1:YvhnlEePVnBS4+0z3fhPfUy7W1Ikj0Ih0vcRo/gZ1M0= github.com/apache/arrow/go/v11 v11.0.0/go.mod h1:Eg5OsL5H+e299f7u5ssuXsuHQVEGC4xei5aX110hRiI= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= From 43501ce3e788a61ce85f10ed26ba25c614c24f68 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Jul 2023 13:05:41 +0000 Subject: [PATCH 031/105] chore(deps): bump github.com/xanzy/go-gitlab from 0.86.0 to 0.88.0 (#14616) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.86.0 to 0.88.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.86.0...v0.88.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b5ba47c00c103..1c3e3bb12cda7 100644 --- a/go.mod +++ b/go.mod @@ -70,7 +70,7 @@ require ( github.com/stretchr/testify v1.8.4 github.com/valyala/fasttemplate v1.2.2 github.com/whilp/git-urls v1.0.0 - github.com/xanzy/go-gitlab v0.87.0 + github.com/xanzy/go-gitlab v0.88.0 github.com/yuin/gopher-lua v1.1.0 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 go.opentelemetry.io/otel v1.16.0 diff --git a/go.sum b/go.sum index f72f5dc1e12ec..0e84785301b76 100644 --- a/go.sum +++ b/go.sum @@ -1798,8 +1798,8 @@ github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU= github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE= -github.com/xanzy/go-gitlab v0.87.0 h1:voCJlBllibaHH7wNnAz6HxMEN4b5aA4tOM6VizAbGG8= -github.com/xanzy/go-gitlab v0.87.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= +github.com/xanzy/go-gitlab v0.88.0 h1:9GHBrxyCUNZZNuAsbJ1NbEH6XAYsKyTn6NfE0wYO5SY= +github.com/xanzy/go-gitlab v0.88.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= From 5cdd3e1645eec4b9bc8440d8a7e597cc017bbc60 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Jul 2023 14:27:22 +0000 Subject: [PATCH 032/105] chore(deps): bump pygments from 2.7.4 to 2.15.0 in /docs (#14615) Bumps [pygments](https://github.com/pygments/pygments) from 2.7.4 to 2.15.0. - [Release notes](https://github.com/pygments/pygments/releases) - [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES) - [Commits](https://github.com/pygments/pygments/compare/2.7.4...2.15.0) --- updated-dependencies: - dependency-name: pygments dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/requirements.txt b/docs/requirements.txt index ca3bc2f803744..09b5d35eb5d5b 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,6 +1,6 @@ mkdocs==1.3.0 mkdocs-material==7.1.8 markdown_include==0.6.0 -pygments==2.7.4 +pygments==2.15.0 jinja2==3.0.3 markdown==3.3.7 \ No newline at end of file From 278237e57b63f84110326eb568a414a3da13fd35 Mon Sep 17 00:00:00 2001 From: Kyle Purkiss Date: Thu, 20 Jul 2023 11:43:12 -0700 Subject: [PATCH 033/105] fix(ui): Fix Destination Cluster URL/Name Drop down not updating destination field (#13813) (#14216) * fix(ui): Fix Destination Cluster URL/Name Drop down not updating destination field (fixes #13813) Signed-off-by: Kyle Purkiss * Address linting errors Signed-off-by: Kyle Purkiss --------- Signed-off-by: Kyle Purkiss --- .../application-create-panel.tsx | 21 +++++++++++-------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx b/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx index 224c3da5f279d..eef8c8ec32103 100644 --- a/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx +++ b/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx @@ -108,15 +108,24 @@ export const ApplicationCreatePanel = (props: { const [explicitPathType, setExplicitPathType] = React.useState<{path: string; type: models.AppSourceType}>(null); const [destFormat, setDestFormat] = React.useState('URL'); const [retry, setRetry] = React.useState(false); + const app = deepMerge(DEFAULT_APP, props.app || {}); + + React.useEffect(() => { + if (app?.spec?.destination?.name && app.spec.destination.name !== '') { + setDestFormat('NAME'); + } else { + setDestFormat('URL'); + } + }, []); function normalizeTypeFields(formApi: FormApi, type: models.AppSourceType) { - const app = formApi.getFormState().values; + const appToNormalize = formApi.getFormState().values; for (const item of appTypes) { if (item.type !== type) { - delete app.spec.source[item.field]; + delete appToNormalize.spec.source[item.field]; } } - formApi.setAllValues(app); + formApi.setAllValues(appToNormalize); } return ( @@ -132,16 +141,10 @@ export const ApplicationCreatePanel = (props: { }> {({projects, clusters, reposInfo}) => { const repos = reposInfo.map(info => info.repo).sort(); - const app = deepMerge(DEFAULT_APP, props.app || {}); const repoInfo = reposInfo.find(info => info.repo === app.spec.source.repoURL); if (repoInfo) { normalizeAppSource(app, repoInfo.type || 'git'); } - if (app?.spec?.destination?.name && app.spec.destination.name !== '') { - setDestFormat('NAME'); - } else { - setDestFormat('URL'); - } return (
{(yamlMode && ( From 3ee9c364acea48111b0150221eedd5e8a782a6ac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Jul 2023 09:57:10 -0400 Subject: [PATCH 034/105] chore(deps): bump github.com/aws/aws-sdk-go from 1.44.304 to 1.44.305 (#14632) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.304 to 1.44.305. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG_PENDING.md) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.304...v1.44.305) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 1c3e3bb12cda7..d10d3f72a0664 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/argoproj/gitops-engine v0.7.1-0.20230607163028-425d65e07695 github.com/argoproj/notifications-engine v0.4.1-0.20230620204159-3446d4ae8520 github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 - github.com/aws/aws-sdk-go v1.44.304 + github.com/aws/aws-sdk-go v1.44.305 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.6.0 diff --git a/go.sum b/go.sum index 0e84785301b76..2a2ed83007273 100644 --- a/go.sum +++ b/go.sum @@ -716,8 +716,8 @@ github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.304 h1:crcJBVeewWcVAXDQChzJWZYGFq9i1TYLycAtQ6Xpi4c= -github.com/aws/aws-sdk-go v1.44.304/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.305 h1:fU/5lY3WyBjGU9fkmQYd8o4fZu+2RaOv/i+sPaJVvFg= +github.com/aws/aws-sdk-go v1.44.305/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= From 85cb3c378f95f544b0da48078d6ae534098e1ec5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A5kon=20Solbj=C3=B8rg?= Date: Fri, 21 Jul 2023 16:00:04 +0200 Subject: [PATCH 035/105] docs(deep-links): Fix link to pkg.go.dev to not return 404 (#14595) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Håkon Solbjørg --- docs/operator-manual/deep_links.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/operator-manual/deep_links.md b/docs/operator-manual/deep_links.md index b768cfd4d8aac..df46cced2ae90 100644 --- a/docs/operator-manual/deep_links.md +++ b/docs/operator-manual/deep_links.md @@ -21,7 +21,7 @@ Each link in the list has five subfields: 1. `title`: title/tag that will be displayed in the UI corresponding to that link 2. `url`: the actual URL where the deep link will redirect to, this field can be templated to use data from the - corresponding application, project or resource objects (depending on where it is located). This uses [text/template](pkg.go.dev/text/template) pkg for templating + corresponding application, project or resource objects (depending on where it is located). This uses [text/template](https://pkg.go.dev/text/template) pkg for templating 3. `description` (optional): a description for what the deep link is about 4. `icon.class` (optional): a font-awesome icon class to be used when displaying the links in dropdown menus 5. `if` (optional): a conditional statement that results in either `true` or `false`, it also has access to the same From 7bade3c06ca8e24bea6c8b3ca8561d803e035aa4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20Lindh=C3=A9?= Date: Fri, 21 Jul 2023 16:01:35 +0200 Subject: [PATCH 036/105] docs: Skip `export` keyword in notification docs (#14633) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This change does three things: 1. It removes the `export` keyword. It's not required since the example executes a script where the variables are evaluated as an inline string. One could even argue that there is a slight security issue with using `export` here, since that will expose the credentials to all applications started in the current context. 2. It adds a space (` `) before the `PASSWORD` variable. This will keep it out of the user's Bash history by default. See [HISTIGNORE][bash]. 3. Add a newline for clarity. [bash]: https://www.gnu.org/software/bash/manual/bash.html#index-HISTIGNORE Signed-off-by: Andreas Lindhé --- docs/operator-manual/notifications/index.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/operator-manual/notifications/index.md b/docs/operator-manual/notifications/index.md index dafb87169eb14..8d4f383930475 100644 --- a/docs/operator-manual/notifications/index.md +++ b/docs/operator-manual/notifications/index.md @@ -17,8 +17,9 @@ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/st * Add Email username and password token to `argocd-notifications-secret` secret ```bash -export EMAIL_USER= -export PASSWORD= +EMAIL_USER= + PASSWORD= + kubectl apply -n argocd -f - << EOF apiVersion: v1 kind: Secret From 244b9e162b2f34aeaf0c815e22b58073bf1a0f73 Mon Sep 17 00:00:00 2001 From: schakrad <58915923+schakrad@users.noreply.github.com> Date: Fri, 21 Jul 2023 07:34:47 -0700 Subject: [PATCH 037/105] fix(ui): Drop ready from Completed container status (#14434) (#14629) Signed-off-by: schakrad <58915923+schakrad@users.noreply.github.com> --- .../application-node-info/application-node-info.tsx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ui/src/app/applications/components/application-node-info/application-node-info.tsx b/ui/src/app/applications/components/application-node-info/application-node-info.tsx index 05c3dcae95ab3..18ff44e381c55 100644 --- a/ui/src/app/applications/components/application-node-info/application-node-info.tsx +++ b/ui/src/app/applications/components/application-node-info/application-node-info.tsx @@ -48,8 +48,8 @@ const RenderContainerState = (props: {container: any}) => { )} <> {' '} - It is {props.container?.started ? 'started' : 'not started'} and - {props.container?.ready ? ' ready.' : ' not ready.'} + It is {props.container?.started ? 'started' : 'not started'} + {status === 'Completed' ? '.' : props.container?.ready ? ' and ready.' : ' and not ready.'}
{lastState && ( From db52c265c3b955b6b7bee9cdf36d1f5f7db205bc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Jul 2023 15:48:07 +0000 Subject: [PATCH 038/105] chore(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 (#14641) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.7.0 to 5.8.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.7.0...v5.8.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d10d3f72a0664..7dfeb02e13e9d 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/evanphx/json-patch v5.6.0+incompatible github.com/fsnotify/fsnotify v1.6.0 github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e - github.com/go-git/go-git/v5 v5.7.0 + github.com/go-git/go-git/v5 v5.8.0 github.com/go-logr/logr v1.2.4 github.com/go-openapi/loads v0.21.2 github.com/go-openapi/runtime v0.26.0 diff --git a/go.sum b/go.sum index 2a2ed83007273..642289c8820a1 100644 --- a/go.sum +++ b/go.sum @@ -948,8 +948,8 @@ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmS github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4= github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8= -github.com/go-git/go-git/v5 v5.7.0 h1:t9AudWVLmqzlo+4bqdf7GY+46SUuRsx59SboFxkq2aE= -github.com/go-git/go-git/v5 v5.7.0/go.mod h1:coJHKEOk5kUClpsNlXrUvPrDxY3w3gjHvhcZd8Fodw8= +github.com/go-git/go-git/v5 v5.8.0 h1:Rc543s6Tyq+YcyPwZRvU4jzZGM8rB/wWu94TnTIYALQ= +github.com/go-git/go-git/v5 v5.8.0/go.mod h1:coJHKEOk5kUClpsNlXrUvPrDxY3w3gjHvhcZd8Fodw8= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= From 5120026d154ee5e34a37535cac6275a6ea9e4091 Mon Sep 17 00:00:00 2001 From: Nik Skoufis Date: Sat, 22 Jul 2023 04:29:57 +1000 Subject: [PATCH 039/105] fix: webhook handler fails to refresh when alternate application namespaces are configured (#13976) * fix: Add failing test for webhooks in all namespaces This adds a failing test that properly exercises this functionality over all namespaces. The issue with the code that is under test is that it does not pass the namespace correctly to the patch of the application, resulting in the patch not taking place in the correct namespace Signed-off-by: Nikolas Skoufis * fix: queue webhook refresh for apps in all namespaces This passes the test in the previous commit, to ensure that webhooks correctly refresh applications across all namespaces. Signed-off-by: Nikolas Skoufis * fix: Use existing NamespacedName type Use the existing type instead of a custom type Signed-off-by: Nikolas Skoufis --------- Signed-off-by: Nikolas Skoufis --- util/webhook/webhook.go | 3 ++- util/webhook/webhook_test.go | 13 +++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/util/webhook/webhook.go b/util/webhook/webhook.go index c47323f2cdbbb..ca4742e31a1f1 100644 --- a/util/webhook/webhook.go +++ b/util/webhook/webhook.go @@ -264,7 +264,8 @@ func (a *ArgoCDWebhookHandler) HandleEvent(payload interface{}) { for _, source := range app.Spec.GetSources() { if sourceRevisionHasChanged(source, revision, touchedHead) && sourceUsesURL(source, webURL, repoRegexp) { if appFilesHaveChanged(&app, changedFiles) { - _, err = argo.RefreshApp(appIf, app.ObjectMeta.Name, v1alpha1.RefreshTypeNormal) + namespacedAppInterface := a.appClientset.ArgoprojV1alpha1().Applications(app.ObjectMeta.Namespace) + _, err = argo.RefreshApp(namespacedAppInterface, app.ObjectMeta.Name, v1alpha1.RefreshTypeNormal) if err != nil { log.Warnf("Failed to refresh app '%s' for controller reprocessing: %v", app.ObjectMeta.Name, err) continue diff --git a/util/webhook/webhook_test.go b/util/webhook/webhook_test.go index 899c3ecb73203..cf11162febc6c 100644 --- a/util/webhook/webhook_test.go +++ b/util/webhook/webhook_test.go @@ -5,6 +5,7 @@ import ( "encoding/json" "fmt" "io" + "k8s.io/apimachinery/pkg/types" "net/http" "net/http/httptest" "os" @@ -149,10 +150,10 @@ func TestGitHubCommitEvent_MultiSource_Refresh(t *testing.T) { func TestGitHubCommitEvent_AppsInOtherNamespaces(t *testing.T) { hook := test.NewGlobal() - patchedApps := make([]string, 0, 3) + patchedApps := make([]types.NamespacedName, 0, 3) reaction := func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) { patchAction := action.(kubetesting.PatchAction) - patchedApps = append(patchedApps, patchAction.GetName()) + patchedApps = append(patchedApps, types.NamespacedName{Name: patchAction.GetName(), Namespace: patchAction.GetNamespace()}) return true, nil, nil } @@ -231,10 +232,10 @@ func TestGitHubCommitEvent_AppsInOtherNamespaces(t *testing.T) { assert.Contains(t, logMessages, "Requested app 'app-to-refresh-in-globbed-namespace' refresh") assert.NotContains(t, logMessages, "Requested app 'app-to-ignore' refresh") - assert.Contains(t, patchedApps, "app-to-refresh-in-default-namespace") - assert.Contains(t, patchedApps, "app-to-refresh-in-exact-match-namespace") - assert.Contains(t, patchedApps, "app-to-refresh-in-globbed-namespace") - assert.NotContains(t, patchedApps, "app-to-ignore") + assert.Contains(t, patchedApps, types.NamespacedName{Name: "app-to-refresh-in-default-namespace", Namespace: "argocd"}) + assert.Contains(t, patchedApps, types.NamespacedName{Name: "app-to-refresh-in-exact-match-namespace", Namespace: "end-to-end-tests"}) + assert.Contains(t, patchedApps, types.NamespacedName{Name: "app-to-refresh-in-globbed-namespace", Namespace: "app-team-two"}) + assert.NotContains(t, patchedApps, types.NamespacedName{Name: "app-to-ignore", Namespace: "kube-system"}) assert.Len(t, patchedApps, 3) hook.Reset() From 21e7d92093b677100f33bef501134b664c15fb57 Mon Sep 17 00:00:00 2001 From: schakrad <58915923+schakrad@users.noreply.github.com> Date: Sun, 23 Jul 2023 14:29:36 -0700 Subject: [PATCH 040/105] fix: ApplicationSet Controller crashes when tag is not closed; panic: Cannot find end tag="}}"(#14227) (#14651) * ApplicationSet bug fix Signed-off-by: schakrad <58915923+schakrad@users.noreply.github.com> * Update applicationset/utils/utils_test.go Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * oops Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: schakrad <58915923+schakrad@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- applicationset/utils/utils.go | 5 ++++- applicationset/utils/utils_test.go | 8 ++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/applicationset/utils/utils.go b/applicationset/utils/utils.go index 5b5fbc69ca031..90e65ef5dafdc 100644 --- a/applicationset/utils/utils.go +++ b/applicationset/utils/utils.go @@ -283,7 +283,10 @@ func (r *Render) Replace(tmpl string, replaceMap map[string]interface{}, useGoTe return tmpl, nil } - fstTmpl := fasttemplate.New(tmpl, "{{", "}}") + fstTmpl, err := fasttemplate.NewTemplate(tmpl, "{{", "}}") + if err != nil { + return "", fmt.Errorf("invalid template: %w", err) + } replacedTmpl := fstTmpl.ExecuteFuncString(func(w io.Writer, tag string) (int, error) { trimmedTag := strings.TrimSpace(tag) replacement, ok := replaceMap[trimmedTag].(string) diff --git a/applicationset/utils/utils_test.go b/applicationset/utils/utils_test.go index b1f7c1164f104..0a62275befc9f 100644 --- a/applicationset/utils/utils_test.go +++ b/applicationset/utils/utils_test.go @@ -559,6 +559,14 @@ func TestRenderTemplateKeys(t *testing.T) { }) } +func Test_Render_Replace_no_panic_on_missing_closing_brace(t *testing.T) { + r := &Render{} + assert.NotPanics(t, func() { + _, err := r.Replace("{{properly.closed}} {{improperly.closed}", nil, false, []string{}) + assert.Error(t, err) + }) +} + func TestRenderTemplateParamsFinalizers(t *testing.T) { emptyApplication := &argoappsv1.Application{ From 4ed611c2dd35d4af85b82ee6f82317ea8fcd8fb5 Mon Sep 17 00:00:00 2001 From: asingh <11219262+ashutosh16@users.noreply.github.com> Date: Mon, 24 Jul 2023 07:38:57 -0700 Subject: [PATCH 041/105] fix(ui): The default pod group filter should be removed if fewer than 15 pods (#14590) Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> --- .../application-resource-tree.tsx | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx index 96a8ea55b4f58..b5426ff1de2bf 100644 --- a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx +++ b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx @@ -179,7 +179,7 @@ function groupNodes(nodes: ResourceTreeNode[], graph: dagre.graphlib.Graph) { nodeIds.forEach((nodeId: string) => { const index = nodes.findIndex(node => nodeId === node.uid || nodeId === nodeKey(node)); const graphNode = graph.node(nodeId); - if (!graphNode.podGroup && index > -1) { + if (!graphNode?.podGroup && index > -1) { groupedNodeIds.push(nodeId); } else { podGroupIds.push(nodeId); @@ -935,22 +935,20 @@ export const ApplicationResourceTree = (props: ApplicationResourceTreeProps) => } }, [props.filters]); - const [defaultCompactView, setDefaultCompactView] = React.useState(false); + const podCount = nodes.filter(node => node.kind === 'Pod').length; React.useEffect(() => { const {podGroupCount, setShowCompactNodes, appContext} = props; - const podCount = nodes.filter(node => node.kind === 'Pod').length; - - if (!defaultCompactView && podCount > podGroupCount) { + if (podCount > podGroupCount) { setShowCompactNodes(true); - setDefaultCompactView(true); - appContext.apis.notifications.show({ content: `Since the number of pods has surpassed the threshold pod count of ${podGroupCount}, you will now be switched to the group node view. If you prefer the tree view, you can simply click on the Group Nodes toolbar button to deselect the current view.`, type: NotificationType.Success }); + } else { + props.setShowCompactNodes(false); } - }, [props.setShowCompactNodes, props.showCompactNodes, defaultCompactView]); + }, [podCount]); function filterGraph(app: models.Application, filteredIndicatorParent: string, graphNodesFilter: dagre.graphlib.Graph, predicate: (node: ResourceTreeNode) => boolean) { const appKey = appNodeKey(app); From e10c4186a5765c10c061a6d7d8f46c8e8b381c9e Mon Sep 17 00:00:00 2001 From: daftping <21245083+daftping@users.noreply.github.com> Date: Mon, 24 Jul 2023 09:54:42 -0700 Subject: [PATCH 042/105] feat(deep-links): sprig support (#14660) Signed-off-by: daftping <21245083+daftping@users.noreply.github.com> --- server/deeplinks/deeplinks.go | 12 +++++++++++- server/deeplinks/deeplinks_test.go | 16 ++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/server/deeplinks/deeplinks.go b/server/deeplinks/deeplinks.go index 057bffee3e870..254d7c8a62e08 100644 --- a/server/deeplinks/deeplinks.go +++ b/server/deeplinks/deeplinks.go @@ -5,6 +5,7 @@ import ( "fmt" "text/template" + "github.com/Masterminds/sprig/v3" "github.com/antonmedv/expr" "github.com/argoproj/argo-cd/v2/pkg/apiclient/application" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -14,6 +15,15 @@ import ( "k8s.io/utils/pointer" ) +var sprigFuncMap = sprig.GenericFuncMap() // a singleton for better performance + +func init() { + // Avoid allowing the user to learn things about the environment. + delete(sprigFuncMap, "env") + delete(sprigFuncMap, "expandenv") + delete(sprigFuncMap, "getHostByName") +} + const ( ResourceDeepLinkKey = "resource" AppDeepLinkKey = "application" @@ -71,7 +81,7 @@ func EvaluateDeepLinksResponse(obj map[string]interface{}, name string, links [] finalLinks := []*application.LinkInfo{} errors := []string{} for _, link := range links { - t, err := template.New("deep-link").Parse(link.URL) + t, err := template.New("deep-link").Funcs(sprigFuncMap).Parse(link.URL) if err != nil { errors = append(errors, fmt.Sprintf("failed to parse link template '%v', error=%v", link.URL, err.Error())) continue diff --git a/server/deeplinks/deeplinks_test.go b/server/deeplinks/deeplinks_test.go index 0f5c1cbc787fc..51693fb69a5ec 100644 --- a/server/deeplinks/deeplinks_test.go +++ b/server/deeplinks/deeplinks_test.go @@ -130,6 +130,22 @@ func TestDeepLinks(t *testing.T) { }}, error: []string{"link condition '1 + 1' evaluated to non-boolean value for resource test"}, }, + { + appObj: appObj, + resourceObj: resourceObj, + projectObj: projectObj, + clusterObj: clusterObj, + inputLinks: []settings.DeepLink{{ + Title: "link", + URL: "http://example.com/{{ .cluster.name | replace \"-\" \"_\" }}&{{ first .project.spec.sourceRepos }}", + Condition: pointer.String(`application.metadata.name == "test" && project.metadata.name == "test-project"`), + }}, + outputLinks: []*application.LinkInfo{{ + Title: pointer.String("link"), + Url: pointer.String("http://example.com/test_cluster&test-repo.git"), + }}, + error: []string{}, + }, } for _, tc := range testTable { From 0ae5882d5ae9fe88efc51f65ca8543fb8c3a0aa1 Mon Sep 17 00:00:00 2001 From: Yuan Tang Date: Mon, 24 Jul 2023 13:49:51 -0400 Subject: [PATCH 043/105] chore: Print in-cluster svr addr disabled warning when server starts (#14553) * chore: Print in-cluster svr addr disabled warning when server starts Signed-off-by: Yuan Tang * fix: mock Signed-off-by: Yuan Tang * no interface change Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Yuan Tang Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- server/server.go | 57 +++++++++++++++++++++++++++++++++++++++-- util/db/cluster.go | 20 +++++++-------- util/db/cluster_test.go | 6 ++--- util/db/db.go | 29 +-------------------- 4 files changed, 69 insertions(+), 43 deletions(-) diff --git a/server/server.go b/server/server.go index f0f2df6680ad7..7b36d9bca9861 100644 --- a/server/server.go +++ b/server/server.go @@ -25,6 +25,8 @@ import ( // nolint:staticcheck golang_proto "github.com/golang/protobuf/proto" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/selection" "github.com/argoproj/notifications-engine/pkg/api" "github.com/argoproj/pkg/sync" @@ -291,7 +293,9 @@ func NewServer(ctx context.Context, opts ArgoCDServerOpts) *ArgoCDServer { apiFactory := api.NewFactory(settings_notif.GetFactorySettings(argocdService, "argocd-notifications-secret", "argocd-notifications-cm"), opts.Namespace, secretInformer, configMapInformer) - return &ArgoCDServer{ + dbInstance := db.NewDB(opts.Namespace, settingsMgr, opts.KubeClientset) + + a := &ArgoCDServer{ ArgoCDServerOpts: opts, log: log.NewEntry(log.StandardLogger()), settings: settings, @@ -307,11 +311,19 @@ func NewServer(ctx context.Context, opts ArgoCDServerOpts) *ArgoCDServer { policyEnforcer: policyEnf, userStateStorage: userStateStorage, staticAssets: http.FS(staticFS), - db: db.NewDB(opts.Namespace, settingsMgr, opts.KubeClientset), + db: dbInstance, apiFactory: apiFactory, secretInformer: secretInformer, configMapInformer: configMapInformer, } + + err = a.logInClusterWarnings() + if err != nil { + // Just log. It's not critical. + log.Warnf("Failed to log in-cluster warnings: %v", err) + } + + return a } const ( @@ -358,6 +370,47 @@ func (l *Listeners) Close() error { return nil } +// logInClusterWarnings checks the in-cluster configuration and prints out any warnings. +func (a *ArgoCDServer) logInClusterWarnings() error { + labelSelector := labels.NewSelector() + req, err := labels.NewRequirement(common.LabelKeySecretType, selection.Equals, []string{common.LabelValueSecretTypeCluster}) + if err != nil { + return fmt.Errorf("failed to construct cluster-type label selector: %w", err) + } + labelSelector = labelSelector.Add(*req) + secretsLister, err := a.settingsMgr.GetSecretsLister() + if err != nil { + return fmt.Errorf("failed to get secrets lister: %w", err) + } + clusterSecrets, err := secretsLister.Secrets(a.ArgoCDServerOpts.Namespace).List(labelSelector) + if err != nil { + return fmt.Errorf("failed to list cluster secrets: %w", err) + } + var inClusterSecrets []string + for _, clusterSecret := range clusterSecrets { + cluster, err := db.SecretToCluster(clusterSecret) + if err != nil { + return fmt.Errorf("could not unmarshal cluster secret %q: %w", clusterSecret.Name, err) + } + if cluster.Server == v1alpha1.KubernetesInternalAPIServerAddr { + inClusterSecrets = append(inClusterSecrets, clusterSecret.Name) + } + } + if len(inClusterSecrets) > 0 { + // Don't make this call unless we actually have in-cluster secrets, to save time. + dbSettings, err := a.settingsMgr.GetSettings() + if err != nil { + return fmt.Errorf("could not get DB settings: %w", err) + } + if !dbSettings.InClusterEnabled { + for _, clusterName := range inClusterSecrets { + log.Warnf("cluster %q uses in-cluster server address but it's disabled in Argo CD settings", clusterName) + } + } + } + return nil +} + func startListener(host string, port int) (net.Listener, error) { var conn net.Listener var realErr error diff --git a/util/db/cluster.go b/util/db/cluster.go index df1644e0dbbb9..9b405a9cacd60 100644 --- a/util/db/cluster.go +++ b/util/db/cluster.go @@ -68,7 +68,7 @@ func (db *db) ListClusters(ctx context.Context) (*appv1.ClusterList, error) { inClusterEnabled := settings.InClusterEnabled hasInClusterCredentials := false for _, clusterSecret := range clusterSecrets { - cluster, err := secretToCluster(clusterSecret) + cluster, err := SecretToCluster(clusterSecret) if err != nil { log.Errorf("could not unmarshal cluster secret %s", clusterSecret.Name) continue @@ -120,7 +120,7 @@ func (db *db) CreateCluster(ctx context.Context, c *appv1.Cluster) (*appv1.Clust return nil, err } - cluster, err := secretToCluster(clusterSecret) + cluster, err := SecretToCluster(clusterSecret) if err != nil { return nil, status.Errorf(codes.InvalidArgument, "could not unmarshal cluster secret %s", clusterSecret.Name) } @@ -148,7 +148,7 @@ func (db *db) WatchClusters(ctx context.Context, common.LabelValueSecretTypeCluster, func(secret *apiv1.Secret) { - cluster, err := secretToCluster(secret) + cluster, err := SecretToCluster(secret) if err != nil { log.Errorf("could not unmarshal cluster secret %s", secret.Name) return @@ -163,12 +163,12 @@ func (db *db) WatchClusters(ctx context.Context, }, func(oldSecret *apiv1.Secret, newSecret *apiv1.Secret) { - oldCluster, err := secretToCluster(oldSecret) + oldCluster, err := SecretToCluster(oldSecret) if err != nil { log.Errorf("could not unmarshal cluster secret %s", oldSecret.Name) return } - newCluster, err := secretToCluster(newSecret) + newCluster, err := SecretToCluster(newSecret) if err != nil { log.Errorf("could not unmarshal cluster secret %s", newSecret.Name) return @@ -218,7 +218,7 @@ func (db *db) GetCluster(_ context.Context, server string) (*appv1.Cluster, erro return nil, err } if len(res) > 0 { - return secretToCluster(res[0].(*apiv1.Secret)) + return SecretToCluster(res[0].(*apiv1.Secret)) } if server == appv1.KubernetesInternalAPIServerAddr { return db.getLocalCluster(), nil @@ -239,7 +239,7 @@ func (db *db) GetProjectClusters(ctx context.Context, project string) ([]*appv1. } var res []*appv1.Cluster for i := range secrets { - cluster, err := secretToCluster(secrets[i].(*apiv1.Secret)) + cluster, err := SecretToCluster(secrets[i].(*apiv1.Secret)) if err != nil { return nil, fmt.Errorf("failed to convert secret to cluster: %w", err) } @@ -293,7 +293,7 @@ func (db *db) UpdateCluster(ctx context.Context, c *appv1.Cluster) (*appv1.Clust if err != nil { return nil, err } - cluster, err := secretToCluster(clusterSecret) + cluster, err := SecretToCluster(clusterSecret) if err != nil { log.Errorf("could not unmarshal cluster secret %s", clusterSecret.Name) return nil, err @@ -360,8 +360,8 @@ func clusterToSecret(c *appv1.Cluster, secret *apiv1.Secret) error { return nil } -// secretToCluster converts a secret into a Cluster object -func secretToCluster(s *apiv1.Secret) (*appv1.Cluster, error) { +// SecretToCluster converts a secret into a Cluster object +func SecretToCluster(s *apiv1.Secret) (*appv1.Cluster, error) { var config appv1.ClusterConfig if len(s.Data["config"]) > 0 { err := json.Unmarshal(s.Data["config"], &config) diff --git a/util/db/cluster_test.go b/util/db/cluster_test.go index c3b273b4fe5ef..9d60a3073c3c2 100644 --- a/util/db/cluster_test.go +++ b/util/db/cluster_test.go @@ -43,7 +43,7 @@ func Test_secretToCluster(t *testing.T) { "config": []byte("{\"username\":\"foo\"}"), }, } - cluster, err := secretToCluster(secret) + cluster, err := SecretToCluster(secret) require.NoError(t, err) assert.Equal(t, *cluster, v1alpha1.Cluster{ Name: "test", @@ -89,7 +89,7 @@ func Test_secretToCluster_NoConfig(t *testing.T) { "server": []byte("http://mycluster"), }, } - cluster, err := secretToCluster(secret) + cluster, err := SecretToCluster(secret) assert.NoError(t, err) assert.Equal(t, *cluster, v1alpha1.Cluster{ Name: "test", @@ -111,7 +111,7 @@ func Test_secretToCluster_InvalidConfig(t *testing.T) { "config": []byte("{'tlsClientConfig':{'insecure':false}}"), }, } - cluster, err := secretToCluster(secret) + cluster, err := SecretToCluster(secret) require.Error(t, err) assert.Nil(t, cluster) } diff --git a/util/db/db.go b/util/db/db.go index f66cf65dc9c47..05ae38e75bb84 100644 --- a/util/db/db.go +++ b/util/db/db.go @@ -4,11 +4,9 @@ import ( "context" "strings" - log "github.com/sirupsen/logrus" v1 "k8s.io/api/core/v1" "k8s.io/client-go/kubernetes" - "github.com/argoproj/argo-cd/v2/common" appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/settings" ) @@ -95,36 +93,11 @@ type db struct { // NewDB returns a new instance of the argo database func NewDB(namespace string, settingsMgr *settings.SettingsManager, kubeclientset kubernetes.Interface) ArgoDB { - dbInstance := db{ + return &db{ settingsMgr: settingsMgr, ns: namespace, kubeclientset: kubeclientset, } - dbInstance.logInClusterWarning() - return &dbInstance -} - -func (db *db) logInClusterWarning() { - clusterSecrets, err := db.listSecretsByType(common.LabelValueSecretTypeCluster) - if err != nil { - log.WithError(err).Errorln("could not list secrets by type") - } - dbSettings, err := db.settingsMgr.GetSettings() - if err != nil { - log.WithError(err).Errorln("could not get DB settings") - } - for _, clusterSecret := range clusterSecrets { - cluster, err := secretToCluster(clusterSecret) - if err != nil { - log.Errorf("could not unmarshal cluster secret %s", clusterSecret.Name) - continue - } - if cluster.Server == appv1.KubernetesInternalAPIServerAddr { - if !dbSettings.InClusterEnabled { - log.Warnf("cluster %q uses in-cluster server address but it's disabled in Argo CD settings", cluster.Name) - } - } - } } func (db *db) getSecret(name string, cache map[string]*v1.Secret) (*v1.Secret, error) { From ec9d305e3fef6327ed1fbe23edbfd6fca4119cef Mon Sep 17 00:00:00 2001 From: Yi Cai Date: Tue, 25 Jul 2023 17:57:58 -0400 Subject: [PATCH 044/105] chore: Upgrade semver to avoid cve (#14710) Signed-off-by: Yi Cai --- ui/yarn.lock | 36 ++++++++++++------------------------ 1 file changed, 12 insertions(+), 24 deletions(-) diff --git a/ui/yarn.lock b/ui/yarn.lock index d82e6ea715563..9c46e7ca7093e 100644 --- a/ui/yarn.lock +++ b/ui/yarn.lock @@ -3367,7 +3367,7 @@ core-js-compat@^3.1.1: integrity sha512-Wp+BJVvwopjI+A1EFqm2dwUmWYXrvucmtIB2LgXn/Rb+gWPKYxtmb4GKHGKG/KGF1eK9jfjzT38DITbTOCX/SQ== dependencies: browserslist "^4.16.6" - semver "7.0.0" + semver "^7.3.5" core-js@^2.4.0: version "2.6.12" @@ -8465,34 +8465,22 @@ selfsigned@^2.0.0: dependencies: node-forge "^1" -semver@7.0.0: - version "7.0.0" - resolved "https://registry.yarnpkg.com/semver/-/semver-7.0.0.tgz#5f3ca35761e47e05b206c6daff2cf814f0316b8e" - integrity sha512-+GB6zVA9LWh6zovYQLALHwv5rb2PHGlJi3lfiqIHxR0uuwCgefcOJc59v9fv1w8GbStwxuuqqAjI9NMAOOgq1A== +semver@^6.0.0, semver@^6.3.0: + version "6.3.1" + resolved "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4" + integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA== -semver@7.x, semver@^7.3.2: - version "7.3.5" - resolved "https://registry.yarnpkg.com/semver/-/semver-7.3.5.tgz#0b621c879348d8998e4b0e4be94b3f12e6018ef7" - integrity sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ== +semver@7.x, semver@^7.3.2, semver@^7.3.5, semver@^7.3.8: + version "7.5.2" + resolved "https://registry.npmjs.org/semver/-/semver-7.5.2.tgz#5b851e66d1be07c1cdaf37dfc856f543325a2beb" + integrity sha512-SoftuTROv/cRjCze/scjGyiDtcUyxw1rgYQSZY7XTmtR5hX+dm76iDbTH8TkLPHCQmlbQVSSbNZCPM2hb0knnQ== dependencies: lru-cache "^6.0.0" semver@^5.3.0, semver@^5.4.1, semver@^5.5.0, semver@^5.6.0: - version "5.7.0" - resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.0.tgz#790a7cf6fea5459bac96110b29b60412dc8ff96b" - integrity sha512-Ya52jSX2u7QKghxeoFGpLwCtGlt7j0oY9DYb5apt9nPlJ42ID+ulTXESnt/qAQcoSERyZ5sl3LDIOw0nAn/5DA== - -semver@^6.0.0, semver@^6.3.0: - version "6.3.0" - resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d" - integrity sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw== - -semver@^7.3.8: - version "7.3.8" - resolved "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz#07a78feafb3f7b32347d725e33de7e2a2df67798" - integrity sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A== - dependencies: - lru-cache "^6.0.0" + version "5.7.2" + resolved "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz#48d55db737c3287cd4835e17fa13feace1c41ef8" + integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g== send@0.17.2: version "0.17.2" From 4a504401a66a8badbc7352cb0526d8f185401d9d Mon Sep 17 00:00:00 2001 From: Gerardo Corea Date: Wed, 26 Jul 2023 12:35:44 -0400 Subject: [PATCH 045/105] feat: adding a autosync_enabled field to the argocd_app_info gauge (#14424) Signed-off-by: Gerardo Corea --- controller/metrics/metrics.go | 6 ++++-- controller/metrics/metrics_test.go | 16 ++++++++++++---- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/controller/metrics/metrics.go b/controller/metrics/metrics.go index 3cd9837ff7036..3cfb16a249339 100644 --- a/controller/metrics/metrics.go +++ b/controller/metrics/metrics.go @@ -56,7 +56,7 @@ var ( descAppInfo = prometheus.NewDesc( "argocd_app_info", "Information about application.", - append(descAppDefaultLabels, "repo", "dest_server", "dest_namespace", "sync_status", "health_status", "operation"), + append(descAppDefaultLabels, "autosync_enabled", "repo", "dest_server", "dest_namespace", "sync_status", "health_status", "operation"), nil, ) // DEPRECATED @@ -381,7 +381,9 @@ func (c *appCollector) collectApps(ch chan<- prometheus.Metric, app *argoappv1.A healthStatus = health.HealthStatusUnknown } - addGauge(descAppInfo, 1, git.NormalizeGitURL(app.Spec.GetSource().RepoURL), app.Spec.Destination.Server, app.Spec.Destination.Namespace, string(syncStatus), string(healthStatus), operation) + autoSyncEnabled := app.Spec.SyncPolicy != nil && app.Spec.SyncPolicy.Automated != nil + + addGauge(descAppInfo, 1, strconv.FormatBool(autoSyncEnabled), git.NormalizeGitURL(app.Spec.GetSource().RepoURL), app.Spec.Destination.Server, app.Spec.Destination.Namespace, string(syncStatus), string(healthStatus), operation) if len(c.appLabels) > 0 { labelValues := []string{} diff --git a/controller/metrics/metrics_test.go b/controller/metrics/metrics_test.go index 00309fb0944a7..61a99a46492a2 100644 --- a/controller/metrics/metrics_test.go +++ b/controller/metrics/metrics_test.go @@ -66,6 +66,10 @@ spec: source: path: some/path repoURL: https://github.com/argoproj/argocd-example-apps.git + syncPolicy: + automated: + selfHeal: false + prune: true status: sync: status: Synced @@ -97,6 +101,10 @@ spec: source: path: some/path repoURL: https://github.com/argoproj/argocd-example-apps.git + syncPolicy: + automated: + selfHeal: true + prune: false status: sync: status: OutOfSync @@ -227,9 +235,9 @@ func TestMetrics(t *testing.T) { responseContains: ` # HELP argocd_app_info Information about application. # TYPE argocd_app_info gauge -argocd_app_info{dest_namespace="dummy-namespace",dest_server="https://localhost:6443",health_status="Degraded",name="my-app-3",namespace="argocd",operation="delete",project="important-project",repo="https://github.com/argoproj/argocd-example-apps",sync_status="OutOfSync"} 1 -argocd_app_info{dest_namespace="dummy-namespace",dest_server="https://localhost:6443",health_status="Healthy",name="my-app",namespace="argocd",operation="",project="important-project",repo="https://github.com/argoproj/argocd-example-apps",sync_status="Synced"} 1 -argocd_app_info{dest_namespace="dummy-namespace",dest_server="https://localhost:6443",health_status="Healthy",name="my-app-2",namespace="argocd",operation="sync",project="important-project",repo="https://github.com/argoproj/argocd-example-apps",sync_status="Synced"} 1 +argocd_app_info{autosync_enabled="true",dest_namespace="dummy-namespace",dest_server="https://localhost:6443",health_status="Degraded",name="my-app-3",namespace="argocd",operation="delete",project="important-project",repo="https://github.com/argoproj/argocd-example-apps",sync_status="OutOfSync"} 1 +argocd_app_info{autosync_enabled="false",dest_namespace="dummy-namespace",dest_server="https://localhost:6443",health_status="Healthy",name="my-app",namespace="argocd",operation="",project="important-project",repo="https://github.com/argoproj/argocd-example-apps",sync_status="Synced"} 1 +argocd_app_info{autosync_enabled="true",dest_namespace="dummy-namespace",dest_server="https://localhost:6443",health_status="Healthy",name="my-app-2",namespace="argocd",operation="sync",project="important-project",repo="https://github.com/argoproj/argocd-example-apps",sync_status="Synced"} 1 `, }, { @@ -237,7 +245,7 @@ argocd_app_info{dest_namespace="dummy-namespace",dest_server="https://localhost: responseContains: ` # HELP argocd_app_info Information about application. # TYPE argocd_app_info gauge -argocd_app_info{dest_namespace="dummy-namespace",dest_server="https://localhost:6443",health_status="Healthy",name="my-app",namespace="argocd",operation="",project="default",repo="https://github.com/argoproj/argocd-example-apps",sync_status="Synced"} 1 +argocd_app_info{autosync_enabled="false",dest_namespace="dummy-namespace",dest_server="https://localhost:6443",health_status="Healthy",name="my-app",namespace="argocd",operation="",project="default",repo="https://github.com/argoproj/argocd-example-apps",sync_status="Synced"} 1 `, }, } From 703df96acd8cef80726a0a2d758406605b5004d3 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Wed, 26 Jul 2023 17:02:56 -0400 Subject: [PATCH 046/105] fix(controller): log failed attempts to update operation state (#14273) * fix(controller): log failed attempts to update operation state Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * new package name Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Update controller/appcontroller_test.go Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- controller/appcontroller.go | 114 +++++++++++++++++-------------- controller/appcontroller_test.go | 37 ++++++++++ 2 files changed, 98 insertions(+), 53 deletions(-) diff --git a/controller/appcontroller.go b/controller/appcontroller.go index 45f1b0d4e9e90..9f3e32ba0b6e6 100644 --- a/controller/appcontroller.go +++ b/controller/appcontroller.go @@ -1248,40 +1248,44 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli } func (ctrl *ApplicationController) setOperationState(app *appv1.Application, state *appv1.OperationState) { - kube.RetryUntilSucceed(context.Background(), updateOperationStateTimeout, "Update application operation state", logutils.NewLogrusLogger(logutils.NewWithCurrentConfig()), func() error { - if state.Phase == "" { - // expose any bugs where we neglect to set phase - panic("no phase was set") - } - if state.Phase.Completed() { - now := metav1.Now() - state.FinishedAt = &now - } - patch := map[string]interface{}{ - "status": map[string]interface{}{ - "operationState": state, - }, - } - if state.Phase.Completed() { - // If operation is completed, clear the operation field to indicate no operation is - // in progress. - patch["operation"] = nil - } - if reflect.DeepEqual(app.Status.OperationState, state) { - log.Infof("No operation updates necessary to '%s'. Skipping patch", app.QualifiedName()) - return nil - } - patchJSON, err := json.Marshal(patch) + logCtx := log.WithFields(log.Fields{"application": app.Name, "appNamespace": app.Namespace, "project": app.Spec.Project}) + + if state.Phase == "" { + // expose any bugs where we neglect to set phase + panic("no phase was set") + } + if state.Phase.Completed() { + now := metav1.Now() + state.FinishedAt = &now + } + patch := map[string]interface{}{ + "status": map[string]interface{}{ + "operationState": state, + }, + } + if state.Phase.Completed() { + // If operation is completed, clear the operation field to indicate no operation is + // in progress. + patch["operation"] = nil + } + if reflect.DeepEqual(app.Status.OperationState, state) { + logCtx.Infof("No operation updates necessary to '%s'. Skipping patch", app.QualifiedName()) + return + } + patchJSON, err := json.Marshal(patch) + if err != nil { + logCtx.Errorf("error marshaling json: %v", err) + return + } + if app.Status.OperationState != nil && app.Status.OperationState.FinishedAt != nil && state.FinishedAt == nil { + patchJSON, err = jsonpatch.MergeMergePatches(patchJSON, []byte(`{"status": {"operationState": {"finishedAt": null}}}`)) if err != nil { - return fmt.Errorf("error marshaling json: %w", err) - } - if app.Status.OperationState != nil && app.Status.OperationState.FinishedAt != nil && state.FinishedAt == nil { - patchJSON, err = jsonpatch.MergeMergePatches(patchJSON, []byte(`{"status": {"operationState": {"finishedAt": null}}}`)) - if err != nil { - return fmt.Errorf("error merging operation state patch: %w", err) - } + logCtx.Errorf("error merging operation state patch: %v", err) + return } + } + kube.RetryUntilSucceed(context.Background(), updateOperationStateTimeout, "Update application operation state", logutils.NewLogrusLogger(logutils.NewWithCurrentConfig()), func() error { appClient := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(app.Namespace) _, err = appClient.Patch(context.Background(), app.Name, types.MergePatchType, patchJSON, metav1.PatchOptions{}) if err != nil { @@ -1289,32 +1293,36 @@ func (ctrl *ApplicationController) setOperationState(app *appv1.Application, sta if apierr.IsNotFound(err) { return nil } + // kube.RetryUntilSucceed logs failed attempts at "debug" level, but we want to know if this fails. Log a + // warning. + logCtx.Warnf("error patching application with operation state: %v", err) return fmt.Errorf("error patching application with operation state: %w", err) } - log.Infof("updated '%s' operation (phase: %s)", app.QualifiedName(), state.Phase) - if state.Phase.Completed() { - eventInfo := argo.EventInfo{Reason: argo.EventReasonOperationCompleted} - var messages []string - if state.Operation.Sync != nil && len(state.Operation.Sync.Resources) > 0 { - messages = []string{"Partial sync operation"} - } else { - messages = []string{"Sync operation"} - } - if state.SyncResult != nil { - messages = append(messages, "to", state.SyncResult.Revision) - } - if state.Phase.Successful() { - eventInfo.Type = v1.EventTypeNormal - messages = append(messages, "succeeded") - } else { - eventInfo.Type = v1.EventTypeWarning - messages = append(messages, "failed:", state.Message) - } - ctrl.auditLogger.LogAppEvent(app, eventInfo, strings.Join(messages, " "), "") - ctrl.metricsServer.IncSync(app, state) - } return nil }) + + logCtx.Infof("updated '%s' operation (phase: %s)", app.QualifiedName(), state.Phase) + if state.Phase.Completed() { + eventInfo := argo.EventInfo{Reason: argo.EventReasonOperationCompleted} + var messages []string + if state.Operation.Sync != nil && len(state.Operation.Sync.Resources) > 0 { + messages = []string{"Partial sync operation"} + } else { + messages = []string{"Sync operation"} + } + if state.SyncResult != nil { + messages = append(messages, "to", state.SyncResult.Revision) + } + if state.Phase.Successful() { + eventInfo.Type = v1.EventTypeNormal + messages = append(messages, "succeeded") + } else { + eventInfo.Type = v1.EventTypeWarning + messages = append(messages, "failed:", state.Message) + } + ctrl.auditLogger.LogAppEvent(app, eventInfo, strings.Join(messages, " "), "") + ctrl.metricsServer.IncSync(app, state) + } } func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext bool) { diff --git a/controller/appcontroller_test.go b/controller/appcontroller_test.go index a849c3bd292ca..f43e1329680fa 100644 --- a/controller/appcontroller_test.go +++ b/controller/appcontroller_test.go @@ -3,9 +3,11 @@ package controller import ( "context" "encoding/json" + "errors" "testing" "time" + "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/api/resource" clustercache "github.com/argoproj/gitops-engine/pkg/cache" @@ -926,6 +928,41 @@ func TestSetOperationStateOnDeletedApp(t *testing.T) { assert.True(t, patched) } +type logHook struct { + entries []logrus.Entry +} + +func (h *logHook) Levels() []logrus.Level { + return []logrus.Level{logrus.WarnLevel} +} + +func (h *logHook) Fire(entry *logrus.Entry) error { + h.entries = append(h.entries, *entry) + return nil +} + +func TestSetOperationStateLogRetries(t *testing.T) { + hook := logHook{} + logrus.AddHook(&hook) + t.Cleanup(func() { + logrus.StandardLogger().ReplaceHooks(logrus.LevelHooks{}) + }) + ctrl := newFakeController(&fakeData{apps: []runtime.Object{}}) + fakeAppCs := ctrl.applicationClientset.(*appclientset.Clientset) + fakeAppCs.ReactionChain = nil + patched := false + fakeAppCs.AddReactor("patch", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) { + if !patched { + patched = true + return true, nil, errors.New("fake error") + } + return true, nil, nil + }) + ctrl.setOperationState(newFakeApp(), &v1alpha1.OperationState{Phase: synccommon.OperationSucceeded}) + assert.True(t, patched) + assert.Contains(t, hook.entries[0].Message, "fake error") +} + func TestNeedRefreshAppStatus(t *testing.T) { testCases := []struct { name string From e08840f12b627d8a1ebf02a4ddf4258601192f3f Mon Sep 17 00:00:00 2001 From: Michael Merrill Date: Wed, 26 Jul 2023 17:05:16 -0400 Subject: [PATCH 047/105] fix(server): handle PATCH in http/s server (#2677) (#14530) Signed-off-by: mmerrill3 --- server/server.go | 6 +++--- test/e2e/app_management_test.go | 18 ++++++++++++++++++ test/e2e/fixture/app/actions.go | 24 ++++++++++++++++++++++++ 3 files changed, 45 insertions(+), 3 deletions(-) diff --git a/server/server.go b/server/server.go index 7b36d9bca9861..042940279e9bd 100644 --- a/server/server.go +++ b/server/server.go @@ -513,12 +513,12 @@ func (a *ArgoCDServer) Run(ctx context.Context, listeners *Listeners) { var httpL net.Listener var httpsL net.Listener if !a.useTLS() { - httpL = tcpm.Match(cmux.HTTP1Fast()) + httpL = tcpm.Match(cmux.HTTP1Fast("PATCH")) grpcL = tcpm.MatchWithWriters(cmux.HTTP2MatchHeaderFieldSendSettings("content-type", "application/grpc")) } else { // We first match on HTTP 1.1 methods. - httpL = tcpm.Match(cmux.HTTP1Fast()) + httpL = tcpm.Match(cmux.HTTP1Fast("PATCH")) // If not matched, we assume that its TLS. tlsl := tcpm.Match(cmux.Any()) @@ -533,7 +533,7 @@ func (a *ArgoCDServer) Run(ctx context.Context, listeners *Listeners) { // Now, we build another mux recursively to match HTTPS and gRPC. tlsm = cmux.New(tlsl) - httpsL = tlsm.Match(cmux.HTTP1Fast()) + httpsL = tlsm.Match(cmux.HTTP1Fast("PATCH")) grpcL = tlsm.MatchWithWriters(cmux.HTTP2MatchHeaderFieldSendSettings("content-type", "application/grpc")) } diff --git a/test/e2e/app_management_test.go b/test/e2e/app_management_test.go index 054d02407a100..00c5cbf549661 100644 --- a/test/e2e/app_management_test.go +++ b/test/e2e/app_management_test.go @@ -476,6 +476,24 @@ func TestDeleteAppResource(t *testing.T) { Expect(HealthIs(health.HealthStatusMissing)) } +// Fix for issue #2677, support PATCH in HTTP service +func TestPatchHttp(t *testing.T) { + ctx := Given(t) + + ctx. + Path(guestbookPath). + When(). + CreateApp(). + Sync(). + PatchAppHttp(`{"metadata": {"labels": { "test": "patch" }, "annotations": { "test": "patch" }}}`). + Then(). + And(func(app *Application) { + assert.Equal(t, "patch", app.Labels["test"]) + assert.Equal(t, "patch", app.Annotations["test"]) + }) + +} + // demonstrate that we cannot use a standard sync when an immutable field is changed, we must use "force" func TestImmutableChange(t *testing.T) { SkipOnEnv(t, "OPENSHIFT") diff --git a/test/e2e/fixture/app/actions.go b/test/e2e/fixture/app/actions.go index c4e173ddf6336..5a2ca2748885a 100644 --- a/test/e2e/fixture/app/actions.go +++ b/test/e2e/fixture/app/actions.go @@ -1,12 +1,14 @@ package app import ( + "encoding/json" "fmt" "os" log "github.com/sirupsen/logrus" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + client "github.com/argoproj/argo-cd/v2/pkg/apiclient/application" . "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/test/e2e/fixture" "github.com/argoproj/argo-cd/v2/util/errors" @@ -295,6 +297,28 @@ func (a *Actions) PatchApp(patch string) *Actions { return a } +func (a *Actions) PatchAppHttp(patch string) *Actions { + a.context.t.Helper() + var application Application + var patchType = "merge" + var appName = a.context.AppQualifiedName() + var appNamespace = a.context.AppNamespace() + patchRequest := &client.ApplicationPatchRequest{ + Name: &appName, + PatchType: &patchType, + Patch: &patch, + AppNamespace: &appNamespace, + } + jsonBytes, err := json.MarshalIndent(patchRequest, "", " ") + errors.CheckError(err) + err = fixture.DoHttpJsonRequest("PATCH", + fmt.Sprintf("/api/v1/applications/%v", appName), + &application, + jsonBytes...) + errors.CheckError(err) + return a +} + func (a *Actions) AppSet(flags ...string) *Actions { a.context.t.Helper() args := []string{"app", "set", a.context.AppQualifiedName()} From d04633b6cfaeefd88614a1136b0d91a38c684f53 Mon Sep 17 00:00:00 2001 From: Alexandre Gaudreault Date: Wed, 26 Jul 2023 17:05:44 -0400 Subject: [PATCH 048/105] fix: manifest generation error with null annotations (#14336) (#14680) * fix: manifest generation error with null annotations Signed-off-by: Alexandre Gaudreault * fix test Signed-off-by: Alexandre Gaudreault * fix unit tests Signed-off-by: Alexandre Gaudreault --------- Signed-off-by: Alexandre Gaudreault --- reposerver/repository/repository_test.go | 22 ++++++++++++ .../testdata/invalid-metadata/bad.yaml | 17 ++++++++++ .../nil-metadata-accessors.yaml | 8 +++++ util/kube/kube.go | 34 ++++++++++++------- util/kube/kube_test.go | 4 +-- 5 files changed, 71 insertions(+), 14 deletions(-) create mode 100644 reposerver/repository/testdata/invalid-metadata/bad.yaml create mode 100644 reposerver/repository/testdata/nil-metadata-accessors/nil-metadata-accessors.yaml diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go index e3e29d0b0c0ad..2465a7dcb6242 100644 --- a/reposerver/repository/repository_test.go +++ b/reposerver/repository/repository_test.go @@ -413,6 +413,28 @@ func TestInvalidManifestsInDir(t *testing.T) { assert.NotNil(t, err) } +func TestInvalidMetadata(t *testing.T) { + service := newService(".") + + src := argoappv1.ApplicationSource{Path: "./testdata/invalid-metadata", Directory: &argoappv1.ApplicationSourceDirectory{Recurse: true}} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, AppLabelKey: "test", AppName: "invalid-metadata", TrackingMethod: "annotation+label"} + _, err := service.GenerateManifest(context.Background(), &q) + assert.Error(t, err) + assert.Contains(t, err.Error(), "contains non-string key in the map") +} + +func TestNilMetadataAccessors(t *testing.T) { + service := newService(".") + expected := "{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"annotations\":{\"argocd.argoproj.io/tracking-id\":\"nil-metadata-accessors:/ConfigMap:/my-map\"},\"labels\":{\"test\":\"nil-metadata-accessors\"},\"name\":\"my-map\"},\"stringData\":{\"foo\":\"bar\"}}" + + src := argoappv1.ApplicationSource{Path: "./testdata/nil-metadata-accessors", Directory: &argoappv1.ApplicationSourceDirectory{Recurse: true}} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, AppLabelKey: "test", AppName: "nil-metadata-accessors", TrackingMethod: "annotation+label"} + res, err := service.GenerateManifest(context.Background(), &q) + assert.NoError(t, err) + assert.Equal(t, len(res.Manifests), 1) + assert.Equal(t, expected, res.Manifests[0]) +} + func TestGenerateJsonnetManifestInDir(t *testing.T) { service := newService(".") diff --git a/reposerver/repository/testdata/invalid-metadata/bad.yaml b/reposerver/repository/testdata/invalid-metadata/bad.yaml new file mode 100644 index 0000000000000..83f48a40dc334 --- /dev/null +++ b/reposerver/repository/testdata/invalid-metadata/bad.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-map-annotation + annotations: + invalid: true +stringData: + foo: bar +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-map-label + labels: + invalid: true +stringData: + foo: bar diff --git a/reposerver/repository/testdata/nil-metadata-accessors/nil-metadata-accessors.yaml b/reposerver/repository/testdata/nil-metadata-accessors/nil-metadata-accessors.yaml new file mode 100644 index 0000000000000..53979de769c01 --- /dev/null +++ b/reposerver/repository/testdata/nil-metadata-accessors/nil-metadata-accessors.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-map + annotations: + labels: +stringData: + foo: bar diff --git a/util/kube/kube.go b/util/kube/kube.go index 269d3372077a3..5ea4394b726f0 100644 --- a/util/kube/kube.go +++ b/util/kube/kube.go @@ -21,8 +21,7 @@ func IsValidResourceName(name string) bool { // SetAppInstanceLabel the recommended app.kubernetes.io/instance label against an unstructured object // Uses the legacy labeling if environment variable is set func SetAppInstanceLabel(target *unstructured.Unstructured, key, val string) error { - // Do not use target.GetLabels(), https://github.com/argoproj/argo-cd/issues/13730 - labels, _, err := unstructured.NestedStringMap(target.Object, "metadata", "labels") + labels, _, err := nestedNullableStringMap(target.Object, "metadata", "labels") if err != nil { return fmt.Errorf("failed to get labels from target object %s %s/%s: %w", target.GroupVersionKind().String(), target.GetNamespace(), target.GetName(), err) } @@ -101,11 +100,11 @@ func SetAppInstanceLabel(target *unstructured.Unstructured, key, val string) err // SetAppInstanceAnnotation the recommended app.kubernetes.io/instance annotation against an unstructured object // Uses the legacy labeling if environment variable is set func SetAppInstanceAnnotation(target *unstructured.Unstructured, key, val string) error { - // Do not use target.GetAnnotations(), https://github.com/argoproj/argo-cd/issues/13730 - annotations, _, err := unstructured.NestedStringMap(target.Object, "metadata", "annotations") + annotations, _, err := nestedNullableStringMap(target.Object, "metadata", "annotations") if err != nil { - return err + return fmt.Errorf("failed to get annotations from target object %s %s/%s: %w", target.GroupVersionKind().String(), target.GetNamespace(), target.GetName(), err) } + if annotations == nil { annotations = make(map[string]string) } @@ -116,10 +115,9 @@ func SetAppInstanceAnnotation(target *unstructured.Unstructured, key, val string // GetAppInstanceAnnotation returns the application instance name from annotation func GetAppInstanceAnnotation(un *unstructured.Unstructured, key string) (string, error) { - // Do not use target.GetAnnotations(), https://github.com/argoproj/argo-cd/issues/13730 - annotations, _, err := unstructured.NestedStringMap(un.Object, "metadata", "annotations") + annotations, _, err := nestedNullableStringMap(un.Object, "metadata", "annotations") if err != nil { - return "", err + return "", fmt.Errorf("failed to get annotations from target object %s %s/%s: %w", un.GroupVersionKind().String(), un.GetNamespace(), un.GetName(), err) } if annotations != nil { return annotations[key], nil @@ -129,8 +127,7 @@ func GetAppInstanceAnnotation(un *unstructured.Unstructured, key string) (string // GetAppInstanceLabel returns the application instance name from labels func GetAppInstanceLabel(un *unstructured.Unstructured, key string) (string, error) { - // Do not use target.GetLabels(), https://github.com/argoproj/argo-cd/issues/13730 - labels, _, err := unstructured.NestedStringMap(un.Object, "metadata", "labels") + labels, _, err := nestedNullableStringMap(un.Object, "metadata", "labels") if err != nil { return "", fmt.Errorf("failed to get labels for %s %s/%s: %w", un.GroupVersionKind().String(), un.GetNamespace(), un.GetName(), err) } @@ -142,8 +139,7 @@ func GetAppInstanceLabel(un *unstructured.Unstructured, key string) (string, err // RemoveLabel removes label with the specified name func RemoveLabel(un *unstructured.Unstructured, key string) error { - // Do not use target.GetLabels(), https://github.com/argoproj/argo-cd/issues/13730 - labels, _, err := unstructured.NestedStringMap(un.Object, "metadata", "labels") + labels, _, err := nestedNullableStringMap(un.Object, "metadata", "labels") if err != nil { return fmt.Errorf("failed to get labels for %s %s/%s: %w", un.GroupVersionKind().String(), un.GetNamespace(), un.GetName(), err) } @@ -164,3 +160,17 @@ func RemoveLabel(un *unstructured.Unstructured, key string) error { } return nil } + +// nestedNullableStringMap returns a copy of map[string]string value of a nested field. +// Returns false if value is not found and an error if not one of map[string]interface{} or nil, or contains non-string values in the map. +func nestedNullableStringMap(obj map[string]interface{}, fields ...string) (map[string]string, bool, error) { + var m map[string]string + val, found, err := unstructured.NestedFieldNoCopy(obj, fields...) + if err != nil { + return nil, found, err + } + if found && val != nil { + return unstructured.NestedStringMap(obj, fields...) + } + return m, found, err +} diff --git a/util/kube/kube_test.go b/util/kube/kube_test.go index 94fd0faeeef00..1bd00380d0b05 100644 --- a/util/kube/kube_test.go +++ b/util/kube/kube_test.go @@ -192,7 +192,7 @@ func TestSetAppInstanceAnnotationWithInvalidData(t *testing.T) { assert.Nil(t, err) err = SetAppInstanceAnnotation(&obj, common.LabelKeyAppInstance, "my-app") assert.Error(t, err) - assert.Equal(t, ".metadata.annotations accessor error: contains non-string key in the map: is of the type , expected string", err.Error()) + assert.Equal(t, "failed to get annotations from target object /v1, Kind=Service /my-service: .metadata.annotations accessor error: contains non-string key in the map: is of the type , expected string", err.Error()) } func TestGetAppInstanceAnnotation(t *testing.T) { @@ -218,7 +218,7 @@ func TestGetAppInstanceAnnotationWithInvalidData(t *testing.T) { _, err = GetAppInstanceAnnotation(&obj, "valid-annotation") assert.Error(t, err) - assert.Equal(t, ".metadata.annotations accessor error: contains non-string key in the map: is of the type , expected string", err.Error()) + assert.Equal(t, "failed to get annotations from target object /v1, Kind=Service /my-service: .metadata.annotations accessor error: contains non-string key in the map: is of the type , expected string", err.Error()) } func TestGetAppInstanceLabel(t *testing.T) { From f7c654aac3fe8762b807945ba92d291a21498649 Mon Sep 17 00:00:00 2001 From: Fish-pro Date: Thu, 27 Jul 2023 05:07:05 +0800 Subject: [PATCH 049/105] Clean up repeated package import (#13889) Signed-off-by: Zechun Chen --- pkg/apiclient/apiclient.go | 7 +++---- server/server.go | 12 +++++------- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/pkg/apiclient/apiclient.go b/pkg/apiclient/apiclient.go index de48d10923261..0563357c7624f 100644 --- a/pkg/apiclient/apiclient.go +++ b/pkg/apiclient/apiclient.go @@ -46,7 +46,6 @@ import ( settingspkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/settings" versionpkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/version" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/env" grpc_util "github.com/argoproj/argo-cd/v2/util/grpc" @@ -104,7 +103,7 @@ type Client interface { NewProjectClientOrDie() (io.Closer, projectpkg.ProjectServiceClient) NewAccountClient() (io.Closer, accountpkg.AccountServiceClient, error) NewAccountClientOrDie() (io.Closer, accountpkg.AccountServiceClient) - WatchApplicationWithRetry(ctx context.Context, appName string, revision string) chan *argoappv1.ApplicationWatchEvent + WatchApplicationWithRetry(ctx context.Context, appName string, revision string) chan *v1alpha1.ApplicationWatchEvent } // ClientOptions hold address, security, and other settings for the API client. @@ -802,8 +801,8 @@ func (c *client) NewAccountClientOrDie() (io.Closer, accountpkg.AccountServiceCl // WatchApplicationWithRetry returns a channel of watch events for an application, retrying the // watch upon errors. Closes the returned channel when the context is cancelled. -func (c *client) WatchApplicationWithRetry(ctx context.Context, appName string, revision string) chan *argoappv1.ApplicationWatchEvent { - appEventsCh := make(chan *argoappv1.ApplicationWatchEvent) +func (c *client) WatchApplicationWithRetry(ctx context.Context, appName string, revision string) chan *v1alpha1.ApplicationWatchEvent { + appEventsCh := make(chan *v1alpha1.ApplicationWatchEvent) cancelled := false appName, appNs := argo.ParseFromQualifiedName(appName, "") go func() { diff --git a/server/server.go b/server/server.go index 042940279e9bd..e7e3ffb351068 100644 --- a/server/server.go +++ b/server/server.go @@ -2,7 +2,6 @@ package server import ( "context" - netCtx "context" "crypto/tls" "errors" "fmt" @@ -104,7 +103,6 @@ import ( "github.com/argoproj/argo-cd/v2/util/assets" cacheutil "github.com/argoproj/argo-cd/v2/util/cache" "github.com/argoproj/argo-cd/v2/util/db" - "github.com/argoproj/argo-cd/v2/util/dex" dexutil "github.com/argoproj/argo-cd/v2/util/dex" "github.com/argoproj/argo-cd/v2/util/env" errorsutil "github.com/argoproj/argo-cd/v2/util/errors" @@ -209,7 +207,7 @@ type ArgoCDServerOpts struct { MetricsHost string Namespace string DexServerAddr string - DexTLSConfig *dex.DexTLSConfig + DexTLSConfig *dexutil.DexTLSConfig BaseHRef string RootPath string KubeClientset kubernetes.Interface @@ -612,7 +610,7 @@ func (a *ArgoCDServer) watchSettings() { prevURL := a.settings.URL prevOIDCConfig := a.settings.OIDCConfig() - prevDexCfgBytes, err := dex.GenerateDexConfigYAML(a.settings, a.DexTLSConfig == nil || a.DexTLSConfig.DisableTLS) + prevDexCfgBytes, err := dexutil.GenerateDexConfigYAML(a.settings, a.DexTLSConfig == nil || a.DexTLSConfig.DisableTLS) errorsutil.CheckError(err) prevGitHubSecret := a.settings.WebhookGitHubSecret prevGitLabSecret := a.settings.WebhookGitLabSecret @@ -627,7 +625,7 @@ func (a *ArgoCDServer) watchSettings() { for { newSettings := <-updateCh a.settings = newSettings - newDexCfgBytes, err := dex.GenerateDexConfigYAML(a.settings, a.DexTLSConfig == nil || a.DexTLSConfig.DisableTLS) + newDexCfgBytes, err := dexutil.GenerateDexConfigYAML(a.settings, a.DexTLSConfig == nil || a.DexTLSConfig.DisableTLS) errorsutil.CheckError(err) if string(newDexCfgBytes) != string(prevDexCfgBytes) { log.Infof("dex config modified. restarting") @@ -745,7 +743,7 @@ func (a *ArgoCDServer) newGRPCServer() (*grpc.Server, application.AppResourceTre grpc_prometheus.StreamServerInterceptor, grpc_auth.StreamServerInterceptor(a.Authenticate), grpc_util.UserAgentStreamServerInterceptor(common.ArgoCDUserAgentName, clientConstraint), - grpc_util.PayloadStreamServerInterceptor(a.log, true, func(ctx netCtx.Context, fullMethodName string, servingObject interface{}) bool { + grpc_util.PayloadStreamServerInterceptor(a.log, true, func(ctx context.Context, fullMethodName string, servingObject interface{}) bool { return !sensitiveMethods[fullMethodName] }), grpc_util.ErrorCodeK8sStreamServerInterceptor(), @@ -759,7 +757,7 @@ func (a *ArgoCDServer) newGRPCServer() (*grpc.Server, application.AppResourceTre grpc_prometheus.UnaryServerInterceptor, grpc_auth.UnaryServerInterceptor(a.Authenticate), grpc_util.UserAgentUnaryServerInterceptor(common.ArgoCDUserAgentName, clientConstraint), - grpc_util.PayloadUnaryServerInterceptor(a.log, true, func(ctx netCtx.Context, fullMethodName string, servingObject interface{}) bool { + grpc_util.PayloadUnaryServerInterceptor(a.log, true, func(ctx context.Context, fullMethodName string, servingObject interface{}) bool { return !sensitiveMethods[fullMethodName] }), grpc_util.ErrorCodeK8sUnaryServerInterceptor(), From f1607fee7c3bfad8eb56a53130cf9ac7cc22dd34 Mon Sep 17 00:00:00 2001 From: XianzheTM Date: Thu, 27 Jul 2023 05:07:29 +0800 Subject: [PATCH 050/105] fix(sso): Set redirectURI for gitea, google, oauth Dex connectors (#11237) Signed-off-by: ylxianzhe Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- util/dex/config.go | 2 +- util/dex/dex_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/util/dex/config.go b/util/dex/config.go index 6f09eb2c46080..44d853674b19b 100644 --- a/util/dex/config.go +++ b/util/dex/config.go @@ -115,7 +115,7 @@ func GenerateDexConfigYAML(argocdSettings *settings.ArgoCDSettings, disableTls b // https://dexidp.io/docs/connectors/ func needsRedirectURI(connectorType string) bool { switch connectorType { - case "oidc", "saml", "microsoft", "linkedin", "gitlab", "github", "bitbucket-cloud", "openshift": + case "oidc", "saml", "microsoft", "linkedin", "gitlab", "github", "bitbucket-cloud", "openshift", "gitea", "google", "oauth": return true } return false diff --git a/util/dex/dex_test.go b/util/dex/dex_test.go index ed7dc6bc6e45c..a993db3375cb7 100644 --- a/util/dex/dex_test.go +++ b/util/dex/dex_test.go @@ -270,7 +270,7 @@ func Test_GenerateDexConfig(t *testing.T) { }) t.Run("Redirect config", func(t *testing.T) { - types := []string{"oidc", "saml", "microsoft", "linkedin", "gitlab", "github", "bitbucket-cloud"} + types := []string{"oidc", "saml", "microsoft", "linkedin", "gitlab", "github", "bitbucket-cloud", "openshift", "gitea", "google", "oauth"} for _, c := range types { assert.True(t, needsRedirectURI(c)) } From 433ba3678c1da7dc169ea750815b97b77e3ed8c6 Mon Sep 17 00:00:00 2001 From: Geoffrey MUSELLI Date: Thu, 27 Jul 2023 09:06:55 -0400 Subject: [PATCH 051/105] feat(appset): Restrict scm provider urls (#14286) * 9353: Restrict scm provider urls Signed-off-by: gmuselli * 9353: Enforce restriction Signed-off-by: gmuselli * 9353: Fix after review Signed-off-by: gmuselli * 9353: Remove comment Signed-off-by: gmuselli * 9353: Fix units tests Signed-off-by: Geoffrey Muselli * 9353: Code review, update comment Signed-off-by: gmuselli * 9353: Code review, update comment 2 Signed-off-by: gmuselli * 9353: Remove doc issues Signed-off-by: gmuselli * 9353: Fix e2e Signed-off-by: gmuselli * 9353: Fix e2e goTemplate Signed-off-by: gmuselli * 9353: Fix e2e pullRequestGenerator Signed-off-by: gmuselli --------- Signed-off-by: gmuselli Signed-off-by: Geoffrey Muselli --- Makefile | 1 + .../controllers/requeue_after_test.go | 4 +- applicationset/generators/pull_request.go | 22 +- .../generators/pull_request_test.go | 77 +++++++ applicationset/generators/scm_provider.go | 50 ++++- .../generators/scm_provider_test.go | 86 ++++++++ .../commands/applicationset_controller.go | 11 +- .../applicationset/Appset-Any-Namespace.md | 49 ++++- .../operator-manual/argocd-cmd-params-cm.yaml | 5 + ...-applicationset-controller-deployment.yaml | 6 + manifests/core-install.yaml | 6 + manifests/ha/install.yaml | 6 + manifests/ha/namespace-install.yaml | 6 + manifests/install.yaml | 6 + manifests/namespace-install.yaml | 6 + test/e2e/applicationset_test.go | 205 +++++++++++++++++- 16 files changed, 520 insertions(+), 26 deletions(-) diff --git a/Makefile b/Makefile index d75fd364e31d9..4c119188105b9 100644 --- a/Makefile +++ b/Makefile @@ -460,6 +460,7 @@ start-e2e-local: mod-vendor-local dep-ui-local cli-local BIN_MODE=$(ARGOCD_BIN_MODE) \ ARGOCD_APPLICATION_NAMESPACES=argocd-e2e-external \ ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES=argocd-e2e-external \ + ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS=http://127.0.0.1:8341,http://127.0.0.1:8342,http://127.0.0.1:8343,http://127.0.0.1:8344 \ ARGOCD_E2E_TEST=true \ goreman -f $(ARGOCD_PROCFILE) start ${ARGOCD_START} diff --git a/applicationset/controllers/requeue_after_test.go b/applicationset/controllers/requeue_after_test.go index a831b70ed2275..da6b0b10b47df 100644 --- a/applicationset/controllers/requeue_after_test.go +++ b/applicationset/controllers/requeue_after_test.go @@ -60,9 +60,9 @@ func TestRequeueAfter(t *testing.T) { "List": generators.NewListGenerator(), "Clusters": generators.NewClusterGenerator(k8sClient, ctx, appClientset, "argocd"), "Git": generators.NewGitGenerator(mockServer), - "SCMProvider": generators.NewSCMProviderGenerator(fake.NewClientBuilder().WithObjects(&corev1.Secret{}).Build(), generators.SCMAuthProviders{}, ""), + "SCMProvider": generators.NewSCMProviderGenerator(fake.NewClientBuilder().WithObjects(&corev1.Secret{}).Build(), generators.SCMAuthProviders{}, "", []string{""}), "ClusterDecisionResource": generators.NewDuckTypeGenerator(ctx, fakeDynClient, appClientset, "argocd"), - "PullRequest": generators.NewPullRequestGenerator(k8sClient, generators.SCMAuthProviders{}, ""), + "PullRequest": generators.NewPullRequestGenerator(k8sClient, generators.SCMAuthProviders{}, "", []string{""}), } nestedGenerators := map[string]generators.Generator{ diff --git a/applicationset/generators/pull_request.go b/applicationset/generators/pull_request.go index d861010daa65e..c024f1b723919 100644 --- a/applicationset/generators/pull_request.go +++ b/applicationset/generators/pull_request.go @@ -26,13 +26,15 @@ type PullRequestGenerator struct { selectServiceProviderFunc func(context.Context, *argoprojiov1alpha1.PullRequestGenerator, *argoprojiov1alpha1.ApplicationSet) (pullrequest.PullRequestService, error) auth SCMAuthProviders scmRootCAPath string + allowedSCMProviders []string } -func NewPullRequestGenerator(client client.Client, auth SCMAuthProviders, scmRootCAPath string) Generator { +func NewPullRequestGenerator(client client.Client, auth SCMAuthProviders, scmRootCAPath string, allowedScmProviders []string) Generator { g := &PullRequestGenerator{ - client: client, - auth: auth, - scmRootCAPath: scmRootCAPath, + client: client, + auth: auth, + scmRootCAPath: scmRootCAPath, + allowedSCMProviders: allowedScmProviders, } g.selectServiceProviderFunc = g.selectServiceProvider return g @@ -120,10 +122,16 @@ func (g *PullRequestGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha // selectServiceProvider selects the provider to get pull requests from the configuration func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, generatorConfig *argoprojiov1alpha1.PullRequestGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet) (pullrequest.PullRequestService, error) { if generatorConfig.Github != nil { + if !ScmProviderAllowed(applicationSetInfo, generatorConfig.Github.API, g.allowedSCMProviders) { + return nil, fmt.Errorf("scm provider not allowed: %s", generatorConfig.Github.API) + } return g.github(ctx, generatorConfig.Github, applicationSetInfo) } if generatorConfig.GitLab != nil { providerConfig := generatorConfig.GitLab + if !ScmProviderAllowed(applicationSetInfo, providerConfig.API, g.allowedSCMProviders) { + return nil, fmt.Errorf("scm provider not allowed: %s", providerConfig.API) + } token, err := g.getSecretRef(ctx, providerConfig.TokenRef, applicationSetInfo.Namespace) if err != nil { return nil, fmt.Errorf("error fetching Secret token: %v", err) @@ -132,6 +140,9 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera } if generatorConfig.Gitea != nil { providerConfig := generatorConfig.Gitea + if !ScmProviderAllowed(applicationSetInfo, providerConfig.API, g.allowedSCMProviders) { + return nil, fmt.Errorf("scm provider not allowed: %s", generatorConfig.Gitea.API) + } token, err := g.getSecretRef(ctx, providerConfig.TokenRef, applicationSetInfo.Namespace) if err != nil { return nil, fmt.Errorf("error fetching Secret token: %v", err) @@ -140,6 +151,9 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera } if generatorConfig.BitbucketServer != nil { providerConfig := generatorConfig.BitbucketServer + if !ScmProviderAllowed(applicationSetInfo, providerConfig.API, g.allowedSCMProviders) { + return nil, fmt.Errorf("scm provider not allowed: %s", providerConfig.API) + } if providerConfig.BasicAuth != nil { password, err := g.getSecretRef(ctx, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace) if err != nil { diff --git a/applicationset/generators/pull_request_test.go b/applicationset/generators/pull_request_test.go index eb0b3bcdd8a90..72017f522946e 100644 --- a/applicationset/generators/pull_request_test.go +++ b/applicationset/generators/pull_request_test.go @@ -273,3 +273,80 @@ func TestPullRequestGetSecretRef(t *testing.T) { }) } } + +func TestAllowedSCMProviderPullRequest(t *testing.T) { + cases := []struct { + name string + providerConfig *argoprojiov1alpha1.PullRequestGenerator + expectedError string + }{ + { + name: "Error Github", + providerConfig: &argoprojiov1alpha1.PullRequestGenerator{ + Github: &argoprojiov1alpha1.PullRequestGeneratorGithub{ + API: "https://myservice.mynamespace.svc.cluster.local", + }, + }, + expectedError: "failed to select pull request service provider: scm provider not allowed: https://myservice.mynamespace.svc.cluster.local", + }, + { + name: "Error Gitlab", + providerConfig: &argoprojiov1alpha1.PullRequestGenerator{ + GitLab: &argoprojiov1alpha1.PullRequestGeneratorGitLab{ + API: "https://myservice.mynamespace.svc.cluster.local", + }, + }, + expectedError: "failed to select pull request service provider: scm provider not allowed: https://myservice.mynamespace.svc.cluster.local", + }, + { + name: "Error Gitea", + providerConfig: &argoprojiov1alpha1.PullRequestGenerator{ + Gitea: &argoprojiov1alpha1.PullRequestGeneratorGitea{ + API: "https://myservice.mynamespace.svc.cluster.local", + }, + }, + expectedError: "failed to select pull request service provider: scm provider not allowed: https://myservice.mynamespace.svc.cluster.local", + }, + { + name: "Error Bitbucket", + providerConfig: &argoprojiov1alpha1.PullRequestGenerator{ + BitbucketServer: &argoprojiov1alpha1.PullRequestGeneratorBitbucketServer{ + API: "https://myservice.mynamespace.svc.cluster.local", + }, + }, + expectedError: "failed to select pull request service provider: scm provider not allowed: https://myservice.mynamespace.svc.cluster.local", + }, + } + + for _, testCase := range cases { + testCaseCopy := testCase + + t.Run(testCaseCopy.name, func(t *testing.T) { + t.Parallel() + + pullRequestGenerator := NewPullRequestGenerator(nil, SCMAuthProviders{}, "", []string{ + "github.myorg.com", + "gitlab.myorg.com", + "gitea.myorg.com", + "bitbucket.myorg.com", + "azuredevops.myorg.com", + }) + + applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "set", + }, + Spec: argoprojiov1alpha1.ApplicationSetSpec{ + Generators: []argoprojiov1alpha1.ApplicationSetGenerator{{ + PullRequest: testCaseCopy.providerConfig, + }}, + }, + } + + _, err := pullRequestGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo) + + assert.Error(t, err, "Must return an error") + assert.Equal(t, testCaseCopy.expectedError, err.Error()) + }) + } +} diff --git a/applicationset/generators/scm_provider.go b/applicationset/generators/scm_provider.go index 34742f4822ef8..67ea279b3fb39 100644 --- a/applicationset/generators/scm_provider.go +++ b/applicationset/generators/scm_provider.go @@ -9,9 +9,12 @@ import ( corev1 "k8s.io/api/core/v1" "sigs.k8s.io/controller-runtime/pkg/client" + log "github.com/sirupsen/logrus" + "github.com/argoproj/argo-cd/v2/applicationset/services/github_app_auth" "github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider" "github.com/argoproj/argo-cd/v2/applicationset/utils" + "github.com/argoproj/argo-cd/v2/common" argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) @@ -26,18 +29,20 @@ type SCMProviderGenerator struct { // Testing hooks. overrideProvider scm_provider.SCMProviderService SCMAuthProviders - scmRootCAPath string + scmRootCAPath string + allowedSCMProviders []string } type SCMAuthProviders struct { GitHubApps github_app_auth.Credentials } -func NewSCMProviderGenerator(client client.Client, providers SCMAuthProviders, scmRootCAPath string) Generator { +func NewSCMProviderGenerator(client client.Client, providers SCMAuthProviders, scmRootCAPath string, allowedSCMProviders []string) Generator { return &SCMProviderGenerator{ - client: client, - SCMAuthProviders: providers, - scmRootCAPath: scmRootCAPath, + client: client, + SCMAuthProviders: providers, + scmRootCAPath: scmRootCAPath, + allowedSCMProviders: allowedSCMProviders, } } @@ -60,6 +65,26 @@ func (g *SCMProviderGenerator) GetTemplate(appSetGenerator *argoprojiov1alpha1.A return &appSetGenerator.SCMProvider.Template } +func ScmProviderAllowed(applicationSetInfo *argoprojiov1alpha1.ApplicationSet, url string, allowedScmProviders []string) bool { + if url == "" || len(allowedScmProviders) == 0 { + return true + } + + for _, allowedScmProvider := range allowedScmProviders { + if url == allowedScmProvider { + return true + } + } + + log.WithFields(log.Fields{ + common.SecurityField: common.SecurityMedium, + "applicationset": applicationSetInfo.Name, + "appSetNamespace": applicationSetInfo.Namespace, + }).Debugf("attempted to use disallowed SCM %q", url) + + return false +} + func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet) ([]map[string]interface{}, error) { if appSetGenerator == nil { return nil, EmptyAppSetGeneratorError @@ -77,12 +102,18 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha if g.overrideProvider != nil { provider = g.overrideProvider } else if providerConfig.Github != nil { + if !ScmProviderAllowed(applicationSetInfo, providerConfig.Github.API, g.allowedSCMProviders) { + return nil, fmt.Errorf("scm provider not allowed: %s", providerConfig.Github.API) + } var err error provider, err = g.githubProvider(ctx, providerConfig.Github, applicationSetInfo) if err != nil { return nil, fmt.Errorf("scm provider: %w", err) } } else if providerConfig.Gitlab != nil { + if !ScmProviderAllowed(applicationSetInfo, providerConfig.Gitlab.API, g.allowedSCMProviders) { + return nil, fmt.Errorf("scm provider not allowed: %s", providerConfig.Gitlab.API) + } token, err := g.getSecretRef(ctx, providerConfig.Gitlab.TokenRef, applicationSetInfo.Namespace) if err != nil { return nil, fmt.Errorf("error fetching Gitlab token: %v", err) @@ -92,6 +123,9 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha return nil, fmt.Errorf("error initializing Gitlab service: %v", err) } } else if providerConfig.Gitea != nil { + if !ScmProviderAllowed(applicationSetInfo, providerConfig.Gitea.API, g.allowedSCMProviders) { + return nil, fmt.Errorf("scm provider not allowed: %s", providerConfig.Gitea.API) + } token, err := g.getSecretRef(ctx, providerConfig.Gitea.TokenRef, applicationSetInfo.Namespace) if err != nil { return nil, fmt.Errorf("error fetching Gitea token: %v", err) @@ -102,6 +136,9 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha } } else if providerConfig.BitbucketServer != nil { providerConfig := providerConfig.BitbucketServer + if !ScmProviderAllowed(applicationSetInfo, providerConfig.API, g.allowedSCMProviders) { + return nil, fmt.Errorf("scm provider not allowed: %s", providerConfig.API) + } var scmError error if providerConfig.BasicAuth != nil { password, err := g.getSecretRef(ctx, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace) @@ -116,6 +153,9 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha return nil, fmt.Errorf("error initializing Bitbucket Server service: %v", scmError) } } else if providerConfig.AzureDevOps != nil { + if !ScmProviderAllowed(applicationSetInfo, providerConfig.AzureDevOps.API, g.allowedSCMProviders) { + return nil, fmt.Errorf("scm provider not allowed: %s", providerConfig.AzureDevOps.API) + } token, err := g.getSecretRef(ctx, providerConfig.AzureDevOps.AccessTokenRef, applicationSetInfo.Namespace) if err != nil { return nil, fmt.Errorf("error fetching Azure Devops access token: %v", err) diff --git a/applicationset/generators/scm_provider_test.go b/applicationset/generators/scm_provider_test.go index d51cb2703ad7f..4dcb8fdf3ce6f 100644 --- a/applicationset/generators/scm_provider_test.go +++ b/applicationset/generators/scm_provider_test.go @@ -200,3 +200,89 @@ func TestSCMProviderGenerateParams(t *testing.T) { }) } } + +func TestAllowedSCMProvider(t *testing.T) { + cases := []struct { + name string + providerConfig *argoprojiov1alpha1.SCMProviderGenerator + expectedError string + }{ + { + name: "Error Github", + providerConfig: &argoprojiov1alpha1.SCMProviderGenerator{ + Github: &argoprojiov1alpha1.SCMProviderGeneratorGithub{ + API: "https://myservice.mynamespace.svc.cluster.local", + }, + }, + expectedError: "scm provider not allowed: https://myservice.mynamespace.svc.cluster.local", + }, + { + name: "Error Gitlab", + providerConfig: &argoprojiov1alpha1.SCMProviderGenerator{ + Gitlab: &argoprojiov1alpha1.SCMProviderGeneratorGitlab{ + API: "https://myservice.mynamespace.svc.cluster.local", + }, + }, + expectedError: "scm provider not allowed: https://myservice.mynamespace.svc.cluster.local", + }, + { + name: "Error Gitea", + providerConfig: &argoprojiov1alpha1.SCMProviderGenerator{ + Gitea: &argoprojiov1alpha1.SCMProviderGeneratorGitea{ + API: "https://myservice.mynamespace.svc.cluster.local", + }, + }, + expectedError: "scm provider not allowed: https://myservice.mynamespace.svc.cluster.local", + }, + { + name: "Error Bitbucket", + providerConfig: &argoprojiov1alpha1.SCMProviderGenerator{ + BitbucketServer: &argoprojiov1alpha1.SCMProviderGeneratorBitbucketServer{ + API: "https://myservice.mynamespace.svc.cluster.local", + }, + }, + expectedError: "scm provider not allowed: https://myservice.mynamespace.svc.cluster.local", + }, + { + name: "Error AzureDevops", + providerConfig: &argoprojiov1alpha1.SCMProviderGenerator{ + AzureDevOps: &argoprojiov1alpha1.SCMProviderGeneratorAzureDevOps{ + API: "https://myservice.mynamespace.svc.cluster.local", + }, + }, + expectedError: "scm provider not allowed: https://myservice.mynamespace.svc.cluster.local", + }, + } + + for _, testCase := range cases { + testCaseCopy := testCase + + t.Run(testCaseCopy.name, func(t *testing.T) { + t.Parallel() + + scmGenerator := &SCMProviderGenerator{allowedSCMProviders: []string{ + "github.myorg.com", + "gitlab.myorg.com", + "gitea.myorg.com", + "bitbucket.myorg.com", + "azuredevops.myorg.com", + }} + + applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "set", + }, + Spec: argoprojiov1alpha1.ApplicationSetSpec{ + Generators: []argoprojiov1alpha1.ApplicationSetGenerator{{ + SCMProvider: testCaseCopy.providerConfig, + }}, + }, + } + + _, err := scmGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo) + + assert.Error(t, err, "Must return an error") + assert.Equal(t, testCaseCopy.expectedError, err.Error()) + }) + } +} diff --git a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go index f873c912d4f73..1226202de7e01 100644 --- a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go +++ b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go @@ -65,6 +65,7 @@ func NewCommand() *cobra.Command { repoServerTimeoutSeconds int maxConcurrentReconciliations int scmRootCAPath string + allowedScmProviders []string ) scheme := runtime.NewScheme() _ = clientgoscheme.AddToScheme(scheme) @@ -97,7 +98,7 @@ func NewCommand() *cobra.Command { policyObj, exists := utils.Policies[policy] if !exists { - log.Info("Policy value can be: sync, create-only, create-update, create-delete, default value: sync") + log.Error("Policy value can be: sync, create-only, create-update, create-delete, default value: sync") os.Exit(1) } @@ -107,6 +108,9 @@ func NewCommand() *cobra.Command { // If the applicationset-namespaces contains only one namespace it corresponds to the current namespace if len(applicationSetNamespaces) == 1 { watchedNamespace = (applicationSetNamespaces)[0] + } else if len(allowedScmProviders) == 0 { + log.Error("When enabling applicationset in any namespace using applicationset-namespaces, allowed-scm-providers is required") + os.Exit(1) } mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ @@ -159,9 +163,9 @@ func NewCommand() *cobra.Command { "List": generators.NewListGenerator(), "Clusters": generators.NewClusterGenerator(mgr.GetClient(), ctx, k8sClient, namespace), "Git": generators.NewGitGenerator(argoCDService), - "SCMProvider": generators.NewSCMProviderGenerator(mgr.GetClient(), scmAuth, scmRootCAPath), + "SCMProvider": generators.NewSCMProviderGenerator(mgr.GetClient(), scmAuth, scmRootCAPath, allowedScmProviders), "ClusterDecisionResource": generators.NewDuckTypeGenerator(ctx, dynamicClient, k8sClient, namespace), - "PullRequest": generators.NewPullRequestGenerator(mgr.GetClient(), scmAuth, scmRootCAPath), + "PullRequest": generators.NewPullRequestGenerator(mgr.GetClient(), scmAuth, scmRootCAPath, allowedScmProviders), "Plugin": generators.NewPluginGenerator(mgr.GetClient(), ctx, k8sClient, namespace), } @@ -241,6 +245,7 @@ func NewCommand() *cobra.Command { command.Flags().BoolVar(&debugLog, "debug", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG", false), "Print debug logs. Takes precedence over loglevel") command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT", "text"), "Set the logging format. One of: text|json") command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error") + command.Flags().StringSliceVar(&allowedScmProviders, "allowed-scm-providers", env.StringsFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS", []string{}, ","), "The list of allowed scm providers. (Default: Empty = all)") command.Flags().BoolVar(&dryRun, "dry-run", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN", false), "Enable dry run mode") command.Flags().BoolVar(&enableProgressiveSyncs, "enable-progressive-syncs", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS", false), "Enable use of the experimental progressive syncs feature.") command.Flags().BoolVar(&enableNewGitFileGlobbing, "enable-new-git-file-globbing", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING", false), "Enable new globbing in Git files generator.") diff --git a/docs/operator-manual/applicationset/Appset-Any-Namespace.md b/docs/operator-manual/applicationset/Appset-Any-Namespace.md index adf694f655f13..494b36dbdcf36 100644 --- a/docs/operator-manual/applicationset/Appset-Any-Namespace.md +++ b/docs/operator-manual/applicationset/Appset-Any-Namespace.md @@ -23,7 +23,48 @@ This feature needs [App in any namespace](../app-any-namespace.md) feature activ This feature can only be enabled and used when your Argo CD ApplicationSet controller is installed as a cluster-wide instance, so it has permissions to list and manipulate resources on a cluster scope. It will *not* work with an Argo CD installed in namespace-scoped mode. -## Implementation details +### SCM Providers secrets consideration + +By allowing ApplicationSet in any namespace you must be aware that any secrets can be exfiltrated using `scmProvider` or `pullRequest` generators. + +Here is an example: + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: myapps +spec: + generators: + - scmProvider: + gitea: + # The Gitea owner to scan. + owner: myorg + # With this malicious setting, user can send all request to a Pod that will log incoming requests including headers with tokens + api: http://my-service.my-namespace.svc.cluster.local + # If true, scan every branch of every repository. If false, scan only the default branch. Defaults to false. + allBranches: true + # By changing this token reference, user can exfiltrate any secrets + tokenRef: + secretName: gitea-token + key: token + template: +``` + +Therefore administrator must restrict the urls of the allowed SCM Providers (example: `https://git.mydomain.com/,https://gitlab.mydomain.com/`) by setting the environment variable `ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS` to argocd-cmd-params-cm `applicationsetcontroller.allowed.scm.providers`. If another url is used, it will be rejected by the applicationset controller. + + +For example: +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cmd-params-cm +data: + applicationsetcontroller.allowed.scm.providers: https://git.mydomain.com/,https://gitlab.mydomain.com/ +``` + +> Please note url used in the `api` field of the `ApplicationSet` must match the url declared by the Administrator including the protocol ### Overview @@ -163,9 +204,9 @@ For other operations such as `POST` and `PUT`, the `appNamespace` parameter must For `ApplicationSet` resources in the control plane namespace, this parameter can be omitted. -## Secrets consideration +## Clusters secrets consideration -By allowing ApplicationSet in any namespace you must be aware that clusters, API token secrets (etc...) can be discovered and used. +By allowing ApplicationSet in any namespace you must be aware that clusters can be discovered and used. Example: @@ -177,4 +218,4 @@ spec: - clusters: {} # Automatically use all clusters defined within Argo CD ``` -If you don't want to allow users to discover secrets with ApplicationSets from other namespaces you may consider deploying ArgoCD in namespace scope or use OPA rules. \ No newline at end of file +If you don't want to allow users to discover all clusters with ApplicationSets from other namespaces you may consider deploying ArgoCD in namespace scope or use OPA rules. \ No newline at end of file diff --git a/docs/operator-manual/argocd-cmd-params-cm.yaml b/docs/operator-manual/argocd-cmd-params-cm.yaml index 7dae71629995a..d4a754f0e44b9 100644 --- a/docs/operator-manual/argocd-cmd-params-cm.yaml +++ b/docs/operator-manual/argocd-cmd-params-cm.yaml @@ -179,6 +179,11 @@ data: applicationsetcontroller.namespaces: "argocd,argocd-appsets-*" # Path of the self-signed TLS certificate for SCM/PR Gitlab Generator applicationsetcontroller.scm.root.ca.path: "" + # A comma separated list of allowed SCM providers (default "" is all SCM providers). + # Setting this field is required when using ApplicationSets-in-any-namespace, to prevent users from + # sending secrets from `tokenRef`s to disallowed `api` domains. + # The url used in the scm generator must exactly match one in the list + applicationsetcontroller.allowed.scm.providers: "https://git.example.com/,https://gitlab.example.com/" ## Argo CD Notifications Controller Properties # Set the logging level. One of: debug|info|warn|error (default "info") diff --git a/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml b/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml index e6dde8de5cbf4..0532408c041d0 100644 --- a/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml +++ b/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml @@ -133,6 +133,12 @@ spec: key: applicationsetcontroller.scm.root.ca.path name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.allowed.scm.providers + optional: true volumeMounts: - mountPath: /app/config/ssh name: ssh-known-hosts diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index b0bc7f13f3764..457eee57e50bb 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -18874,6 +18874,12 @@ spec: key: applicationsetcontroller.scm.root.ca.path name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.allowed.scm.providers + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-applicationset-controller diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index 68b53246c0d32..20a2c649b2756 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -20111,6 +20111,12 @@ spec: key: applicationsetcontroller.scm.root.ca.path name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.allowed.scm.providers + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-applicationset-controller diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index 6b9adc7d08071..fc602ccaa124e 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -1629,6 +1629,12 @@ spec: key: applicationsetcontroller.scm.root.ca.path name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.allowed.scm.providers + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-applicationset-controller diff --git a/manifests/install.yaml b/manifests/install.yaml index d9c3fc9d4eb14..31bbd7d8d828c 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -19212,6 +19212,12 @@ spec: key: applicationsetcontroller.scm.root.ca.path name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.allowed.scm.providers + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-applicationset-controller diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index 9041dc52b3814..fec1f4214741f 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -730,6 +730,12 @@ spec: key: applicationsetcontroller.scm.root.ca.path name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.allowed.scm.providers + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-applicationset-controller diff --git a/test/e2e/applicationset_test.go b/test/e2e/applicationset_test.go index 7cabe65a5637b..80c406c1b62a3 100644 --- a/test/e2e/applicationset_test.go +++ b/test/e2e/applicationset_test.go @@ -1,7 +1,9 @@ package e2e import ( + "fmt" "io" + "net" "net/http" "net/http/httptest" "strings" @@ -15,9 +17,11 @@ import ( "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/test/e2e/fixture" + . "github.com/argoproj/argo-cd/v2/test/e2e/fixture/applicationsets" "github.com/argoproj/argo-cd/v2/test/e2e/fixture/applicationsets/utils" . "github.com/argoproj/argo-cd/v2/util/errors" + "github.com/stretchr/testify/assert" "github.com/argoproj/argo-cd/v2/pkg/apis/application" ) @@ -1441,11 +1445,28 @@ func githubSCMMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request) } } -func TestSimpleSCMProviderGenerator(t *testing.T) { +func testServerWithPort(t *testing.T, port int, handler http.Handler) *httptest.Server { // Use mocked API response to avoid rate-limiting. - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + l, err := net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", port)) + if err != nil { + t.Error(fmt.Errorf("Unable to start server %w", err)) + } + + ts := httptest.NewUnstartedServer(handler) + + ts.Listener.Close() + ts.Listener = l + + return ts +} + +func TestSimpleSCMProviderGenerator(t *testing.T) { + + ts := testServerWithPort(t, 8341, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { githubSCMMockHandler(t)(w, r) })) + ts.Start() + defer ts.Close() expectedApp := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ @@ -1518,10 +1539,11 @@ func TestSimpleSCMProviderGenerator(t *testing.T) { } func TestSimpleSCMProviderGeneratorGoTemplate(t *testing.T) { - // Use mocked API response to avoid rate-limiting. - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + ts := testServerWithPort(t, 8342, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { githubSCMMockHandler(t)(w, r) })) + ts.Start() + defer ts.Close() expectedApp := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ @@ -1594,6 +1616,84 @@ func TestSimpleSCMProviderGeneratorGoTemplate(t *testing.T) { }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{expectedApp})) } +func TestSCMProviderGeneratorSCMProviderNotAllowed(t *testing.T) { + expectedApp := argov1alpha1.Application{ + TypeMeta: metav1.TypeMeta{ + Kind: application.ApplicationKind, + APIVersion: "argoproj.io/v1alpha1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "argo-cd-guestbook", + Namespace: fixture.TestNamespace(), + Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-scm-provider-generator", + }, + }, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "git@github.com:argoproj/argo-cd.git", + TargetRevision: "master", + Path: "guestbook", + }, + Destination: argov1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: "guestbook", + }, + }, + } + + // Because you can't &"". + repoMatch := "argo-cd" + + Given(t). + // Create an SCMProviderGenerator-based ApplicationSet + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "scm-provider-generator-scm-provider-not-allowed", + }, + Spec: v1alpha1.ApplicationSetSpec{ + GoTemplate: true, + Template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{ .repository }}-guestbook"}, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "{{ .url }}", + TargetRevision: "{{ .branch }}", + Path: "guestbook", + }, + Destination: argov1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: "guestbook", + }, + }, + }, + Generators: []v1alpha1.ApplicationSetGenerator{ + { + SCMProvider: &v1alpha1.SCMProviderGenerator{ + Github: &v1alpha1.SCMProviderGeneratorGithub{ + Organization: "argoproj", + API: "http://myservice.mynamespace.svc.cluster.local", + }, + Filters: []v1alpha1.SCMProviderGeneratorFilter{ + { + RepositoryMatch: &repoMatch, + }, + }, + }, + }, + }, + }, + }).Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{expectedApp})). + And(func() { + // app should be listed + output, err := fixture.RunCli("appset", "get", "scm-provider-generator-scm-provider-not-allowed") + assert.NoError(t, err) + assert.Contains(t, output, "scm provider not allowed: http://myservice.mynamespace.svc.cluster.local") + }) +} + func TestCustomApplicationFinalizers(t *testing.T) { expectedApp := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ @@ -1766,11 +1866,14 @@ func githubPullMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request } func TestSimplePullRequestGenerator(t *testing.T) { - // Use mocked API response to avoid rate-limiting. - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + + ts := testServerWithPort(t, 8343, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { githubPullMockHandler(t)(w, r) })) + ts.Start() + defer ts.Close() + expectedApp := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ Kind: application.ApplicationKind, @@ -1844,11 +1947,13 @@ func TestSimplePullRequestGenerator(t *testing.T) { } func TestSimplePullRequestGeneratorGoTemplate(t *testing.T) { - // Use mocked API response to avoid rate-limiting. - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + ts := testServerWithPort(t, 8344, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { githubPullMockHandler(t)(w, r) })) + ts.Start() + defer ts.Close() + expectedApp := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ Kind: application.ApplicationKind, @@ -1925,6 +2030,90 @@ func TestSimplePullRequestGeneratorGoTemplate(t *testing.T) { }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{expectedApp})) } +func TestPullRequestGeneratorNotAllowedSCMProvider(t *testing.T) { + + expectedApp := argov1alpha1.Application{ + TypeMeta: metav1.TypeMeta{ + Kind: application.ApplicationKind, + APIVersion: "argoproj.io/v1alpha1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "guestbook-1", + Namespace: fixture.TestNamespace(), + Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + "app": "preview", + LabelKeyAppSetInstance: "simple-pull-request-generator", + }, + }, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "git@github.com:applicationset-test-org/argocd-example-apps.git", + TargetRevision: "824a5c987fdfb2b0629e9dbf5f31636c69ba4772", + Path: "kustomize-guestbook", + Kustomize: &argov1alpha1.ApplicationSourceKustomize{ + NamePrefix: "guestbook-1", + }, + }, + Destination: argov1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: "guestbook-pull-request", + }, + }, + } + + Given(t). + // Create an PullRequestGenerator-based ApplicationSet + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "pull-request-generator-not-allowed-scm", + }, + Spec: v1alpha1.ApplicationSetSpec{ + GoTemplate: true, + Template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ + Name: "guestbook-{{ .number }}", + Labels: map[string]string{"app": "{{index .labels 0}}"}}, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "git@github.com:applicationset-test-org/argocd-example-apps.git", + TargetRevision: "{{ .head_sha }}", + Path: "kustomize-guestbook", + Kustomize: &argov1alpha1.ApplicationSourceKustomize{ + NamePrefix: "guestbook-{{ .number }}", + }, + }, + Destination: argov1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: "guestbook-{{ .branch }}", + }, + }, + }, + Generators: []v1alpha1.ApplicationSetGenerator{ + { + PullRequest: &v1alpha1.PullRequestGenerator{ + Github: &v1alpha1.PullRequestGeneratorGithub{ + API: "http://myservice.mynamespace.svc.cluster.local", + Owner: "applicationset-test-org", + Repo: "argocd-example-apps", + Labels: []string{ + "preview", + }, + }, + }, + }, + }, + }, + }).Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{expectedApp})). + And(func() { + // app should be listed + output, err := fixture.RunCli("appset", "get", "pull-request-generator-not-allowed-scm") + assert.NoError(t, err) + assert.Contains(t, output, "failed to select pull request service provider: scm provider not allowed: http://myservice.mynamespace.svc.cluster.local") + }) +} + func TestGitGeneratorPrivateRepo(t *testing.T) { FailOnErr(fixture.RunCli("repo", "add", fixture.RepoURL(fixture.RepoURLTypeHTTPS), "--username", fixture.GitUsername, "--password", fixture.GitPassword, "--insecure-skip-server-verification")) generateExpectedApp := func(name string) argov1alpha1.Application { From 89931c182613c1d7f080c5eb776b0245177447e3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Jul 2023 12:33:32 -0400 Subject: [PATCH 052/105] chore(deps): bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1 (#14744) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.8.0 to 5.8.1. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.8.0...v5.8.1) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 9 +++++---- go.sum | 17 ++++++++++------- 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/go.mod b/go.mod index 7dfeb02e13e9d..d7c12a7eb216e 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/evanphx/json-patch v5.6.0+incompatible github.com/fsnotify/fsnotify v1.6.0 github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e - github.com/go-git/go-git/v5 v5.8.0 + github.com/go-git/go-git/v5 v5.8.1 github.com/go-logr/logr v1.2.4 github.com/go-openapi/loads v0.21.2 github.com/go-openapi/runtime v0.26.0 @@ -105,6 +105,7 @@ require ( ) require ( + dario.cat/mergo v1.0.0 // indirect github.com/tidwall/gjson v1.14.4 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.0 // indirect @@ -124,9 +125,9 @@ require ( github.com/Azure/go-autorest/tracing v0.6.0 // indirect github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd // indirect github.com/Masterminds/goutils v1.1.1 // indirect - github.com/Microsoft/go-winio v0.5.2 // indirect + github.com/Microsoft/go-winio v0.6.1 // indirect github.com/PagerDuty/go-pagerduty v1.6.0 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect + github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60 // indirect github.com/acomagu/bufpipe v1.0.4 // indirect github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a // indirect @@ -219,7 +220,7 @@ require ( github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sergi/go-diff v1.1.0 // indirect github.com/shopspring/decimal v1.2.0 // indirect - github.com/skeema/knownhosts v1.1.1 // indirect + github.com/skeema/knownhosts v1.2.0 // indirect github.com/slack-go/slack v0.12.1 // indirect github.com/spf13/cast v1.5.0 // indirect github.com/stretchr/objx v0.5.0 // indirect diff --git a/go.sum b/go.sum index 642289c8820a1..b9e7c2069a0fc 100644 --- a/go.sum +++ b/go.sum @@ -602,6 +602,8 @@ cloud.google.com/go/workflows v1.10.0/go.mod h1:fZ8LmRmZQWacon9UCX1r/g/DfAXx5VcP code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE= code.gitea.io/sdk/gitea v0.15.1 h1:WJreC7YYuxbn0UDaPuWIe/mtiNKTvLN8MLkaw71yx/M= code.gitea.io/sdk/gitea v0.15.1/go.mod h1:klY2LVI3s3NChzIk/MzMn7G1FHrfU7qd63iSMVoHRBA= +dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= +dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= dmitri.shuralyov.com/gpu/mtl v0.0.0-20201218220906-28db891af037/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8= @@ -645,8 +647,9 @@ github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= github.com/Microsoft/go-winio v0.4.15/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= -github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= +github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= +github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/Microsoft/hcsshim v0.8.22/go.mod h1:91uVCVzvX2QD16sMCenoxxXo6L1wJnLMX2PSufFMtF0= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= @@ -654,8 +657,8 @@ github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAE github.com/PagerDuty/go-pagerduty v1.6.0 h1:am81SzvG5Pw+s3JZ5yEy6kGvsXXklTNRrGr3d8WKpsU= github.com/PagerDuty/go-pagerduty v1.6.0/go.mod h1:7eaBLzsDpK7VUvU0SJ5mohczQkoWrrr5CjDaw5gh1as= github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= -github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 h1:ZK3C5DtzV2nVAQTx5S5jQvMeDqWtD1By5mOoyY/xJek= -github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE= +github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 h1:KLq8BE0KwCL+mmXnjLWEAOYO+2l2AE4YMmqG1ZpZHBs= +github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60 h1:prBTRx78AQnXzivNT9Crhu564W/zPPr3ibSlpT9xKcE= @@ -948,8 +951,8 @@ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmS github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4= github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8= -github.com/go-git/go-git/v5 v5.8.0 h1:Rc543s6Tyq+YcyPwZRvU4jzZGM8rB/wWu94TnTIYALQ= -github.com/go-git/go-git/v5 v5.8.0/go.mod h1:coJHKEOk5kUClpsNlXrUvPrDxY3w3gjHvhcZd8Fodw8= +github.com/go-git/go-git/v5 v5.8.1 h1:Zo79E4p7TRk0xoRgMq0RShiTHGKcKI4+DI6BfJc/Q+A= +github.com/go-git/go-git/v5 v5.8.1/go.mod h1:FHFuoD6yGz5OSKEBK+aWN9Oah0q54Jxl0abmj6GnqAo= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -1695,8 +1698,8 @@ github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic github.com/sirupsen/logrus v1.9.2/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/skeema/knownhosts v1.1.1 h1:MTk78x9FPgDFVFkDLTrsnnfCJl7g1C/nnKvePgrIngE= -github.com/skeema/knownhosts v1.1.1/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= +github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM= +github.com/skeema/knownhosts v1.2.0/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c h1:fyKiXKO1/I/B6Y2U8T7WdQGWzwehOuGIrljPtt7YTTI= github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= github.com/slack-go/slack v0.12.1 h1:X97b9g2hnITDtNsNe5GkGx6O2/Sz/uC20ejRZN6QxOw= From 5f8fc55094561535037adb907b0c93b4b2c53234 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Jul 2023 12:33:54 -0400 Subject: [PATCH 053/105] chore(deps): bump github.com/aws/aws-sdk-go from 1.44.305 to 1.44.309 (#14746) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.305 to 1.44.309. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.305...v1.44.309) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d7c12a7eb216e..d2cd70946e762 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/argoproj/gitops-engine v0.7.1-0.20230607163028-425d65e07695 github.com/argoproj/notifications-engine v0.4.1-0.20230620204159-3446d4ae8520 github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 - github.com/aws/aws-sdk-go v1.44.305 + github.com/aws/aws-sdk-go v1.44.309 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.6.0 diff --git a/go.sum b/go.sum index b9e7c2069a0fc..b821d5ca84d7a 100644 --- a/go.sum +++ b/go.sum @@ -719,8 +719,8 @@ github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.305 h1:fU/5lY3WyBjGU9fkmQYd8o4fZu+2RaOv/i+sPaJVvFg= -github.com/aws/aws-sdk-go v1.44.305/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.309 h1:IPJOFBzXekakxmEpDwd4RTKmmBR6LIAiXgNsM51bWbU= +github.com/aws/aws-sdk-go v1.44.309/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= From 9a47a765f879d3e4638148777152889322a5ae63 Mon Sep 17 00:00:00 2001 From: Blake Pettersson Date: Thu, 27 Jul 2023 20:48:33 +0200 Subject: [PATCH 054/105] fix(ui): display valuesobject if set (#14257) * fix: display valuesobject if set With #11538 we now have the ability to set helm values as an object instead of a string, but we also need to be able to correctly display it in the UI if it is set. Signed-off-by: Blake Pettersson * fix: set valuesobject on save If `valuesObject` is present, set it to the value of `input.spec.source.helm.values` on save, as an unmarshaled json string. Signed-off-by: Blake Pettersson * fix: set `helm.values` to empty string on save If `valuesObject` exists, set `input.spec.source.helm.values` to an empty string once `valuesObject` has been unmarshalled from the values input. This is to prevent unnecessary duplication of the values. Signed-off-by: Blake Pettersson * chore: eslint Signed-off-by: Blake Pettersson * chore: eslint Signed-off-by: Blake Pettersson * fix: deep clone app This is so that we can conditionally set `source.helm.values` without inadvertently affecting other parts of the app. Only when the edit button is pressed do we toggle `source.helm.values`. Signed-off-by: Blake Pettersson * chore: eslint Signed-off-by: Blake Pettersson --------- Signed-off-by: Blake Pettersson --- .../application-parameters.tsx | 40 ++++++++++--------- ui/src/app/shared/models.ts | 1 + 2 files changed, 22 insertions(+), 19 deletions(-) diff --git a/ui/src/app/applications/components/application-parameters/application-parameters.tsx b/ui/src/app/applications/components/application-parameters/application-parameters.tsx index f374678540189..27f292ff7d2e8 100644 --- a/ui/src/app/applications/components/application-parameters/application-parameters.tsx +++ b/ui/src/app/applications/components/application-parameters/application-parameters.tsx @@ -26,8 +26,6 @@ import {concatMaps} from '../../../shared/utils'; import {getAppDefaultSource} from '../utils'; import * as jsYaml from 'js-yaml'; -let isValuesRaw = false; - const TextWithMetadataField = ReactFormField((props: {metadata: {value: string}; fieldApi: FieldApi; className: string}) => { const { fieldApi: {getValue, setValue} @@ -128,17 +126,13 @@ export const ApplicationParameters = (props: { save?: (application: models.Application, query: {validate?: boolean}) => Promise; noReadonlyMode?: boolean; }) => { - const app = props.application; + const app = cloneDeep(props.application); const source = getAppDefaultSource(app); const [removedOverrides, setRemovedOverrides] = React.useState(new Array()); let attributes: EditablePanelItem[] = []; - let appValues: string; - if (source && source.helm && source.helm.values) { - isValuesRaw = typeof source.helm.values !== 'string'; // nolint - appValues = isValuesRaw ? jsYaml.safeDump(source.helm.values) : source.helm.values; - source.helm.values = appValues; - } + const isValuesObject = source?.helm?.valuesObject; + const helmValues = isValuesObject ? jsYaml.safeDump(source.helm.valuesObject) : source?.helm?.values; const [appParamsDeletedState, setAppParamsDeletedState] = React.useState([]); if (props.details.type === 'Kustomize' && props.details.kustomize) { @@ -225,16 +219,23 @@ export const ApplicationParameters = (props: { title: 'VALUES', view: source.helm && ( -
{appValues}
+
{helmValues}
), - edit: (formApi: FormApi) => ( -
-
-                        
-                    
-
- ) + edit: (formApi: FormApi) => { + // In case source.helm.valuesObject is set, set source.helm.values to its value + if (source.helm) { + source.helm.values = helmValues; + } + + return ( +
+
+                            
+                        
+
+ ); + } }); const paramsByName = new Map(); (props.details.helm.parameters || []).forEach(param => paramsByName.set(param.name, param)); @@ -527,8 +528,9 @@ export const ApplicationParameters = (props: { params = params.filter(param => !appParamsDeletedState.includes(param.name)); input.spec.source.plugin.parameters = params; } - if (input.spec.source.helm && input.spec.source.helm.values && isValuesRaw) { - input.spec.source.helm.values = jsYaml.safeLoad(input.spec.source.helm.values); // Load values as json + if (input.spec.source.helm && input.spec.source.helm.valuesObject) { + input.spec.source.helm.valuesObject = jsYaml.safeLoad(input.spec.source.helm.values); // Deserialize json + input.spec.source.helm.values = ''; } await props.save(input, {}); setRemovedOverrides(new Array()); diff --git a/ui/src/app/shared/models.ts b/ui/src/app/shared/models.ts index f7530028bfee6..7604e4c39bd1e 100644 --- a/ui/src/app/shared/models.ts +++ b/ui/src/app/shared/models.ts @@ -202,6 +202,7 @@ export interface ApplicationSource { export interface ApplicationSourceHelm { valueFiles: string[]; values?: string; + valuesObject?: any; parameters: HelmParameter[]; fileParameters: HelmFileParameter[]; } From 1810c4c24c060c6686f7c534662ba4a6a032a703 Mon Sep 17 00:00:00 2001 From: Alexander Matyushentsev Date: Thu, 27 Jul 2023 23:18:06 +0300 Subject: [PATCH 055/105] fix: OCI dependency url can't contain part of repository (#14699) Signed-off-by: Alexander Matyushentsev --- reposerver/repository/repository.go | 12 ++++++++++++ reposerver/repository/repository_test.go | 2 +- .../repository/testdata/oci-dependencies/Chart.yaml | 2 +- 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index c91d9f1c9bfcb..b9dd3d02e5dba 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -956,11 +956,13 @@ func getHelmRepos(appPath string, repositories []*v1alpha1.Repository, helmRepoC repos := make([]helm.HelmRepository, 0) for _, dep := range dependencies { + // find matching repo credentials by URL or name repo, ok := reposByUrl[dep.Repo] if !ok && dep.Name != "" { repo, ok = reposByName[dep.Name] } if !ok { + // if no matching repo credentials found, use the repo creds from the credential list repo = &v1alpha1.Repository{Repo: dep.Repo, Name: dep.Name, EnableOCI: dep.EnableOCI} if repositoryCredential := getRepoCredential(helmRepoCreds, dep.Repo); repositoryCredential != nil { repo.EnableOCI = repositoryCredential.EnableOCI @@ -969,6 +971,16 @@ func getHelmRepos(appPath string, repositories []*v1alpha1.Repository, helmRepoC repo.SSHPrivateKey = repositoryCredential.SSHPrivateKey repo.TLSClientCertData = repositoryCredential.TLSClientCertData repo.TLSClientCertKey = repositoryCredential.TLSClientCertKey + } else if repo.EnableOCI { + // finally if repo is OCI and no credentials found, use the first OCI credential matching by hostname + // see https://github.com/argoproj/argo-cd/issues/14636 + for _, cred := range repositories { + if depURL, err := url.Parse("oci://" + dep.Repo); err == nil && cred.EnableOCI && depURL.Host == cred.Repo { + repo.Username = cred.Username + repo.Password = cred.Password + break + } + } } } repos = append(repos, helm.HelmRepository{Name: repo.Name, Repo: repo.Repo, Creds: repo.GetHelmCreds(), EnableOci: repo.EnableOCI}) diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go index 2465a7dcb6242..e49ac181006fd 100644 --- a/reposerver/repository/repository_test.go +++ b/reposerver/repository/repository_test.go @@ -2687,7 +2687,7 @@ func TestGetHelmRepos_OCIDependencies(t *testing.T) { assert.Equal(t, len(helmRepos), 1) assert.Equal(t, helmRepos[0].Username, "test") assert.Equal(t, helmRepos[0].EnableOci, true) - assert.Equal(t, helmRepos[0].Repo, "example.com") + assert.Equal(t, helmRepos[0].Repo, "example.com/myrepo") } func TestGetHelmRepo_NamedRepos(t *testing.T) { diff --git a/reposerver/repository/testdata/oci-dependencies/Chart.yaml b/reposerver/repository/testdata/oci-dependencies/Chart.yaml index 3b39781ed6257..1674ae17c5516 100644 --- a/reposerver/repository/testdata/oci-dependencies/Chart.yaml +++ b/reposerver/repository/testdata/oci-dependencies/Chart.yaml @@ -2,5 +2,5 @@ name: my-chart version: 1.1.0 dependencies: - name: my-dependency - repository: oci://example.com + repository: oci://example.com/myrepo version: '*' \ No newline at end of file From 74a07f19c134f7475dbf131fc9453e9692c472cf Mon Sep 17 00:00:00 2001 From: Felix Date: Fri, 28 Jul 2023 19:51:05 +0100 Subject: [PATCH 056/105] docs: Add missing value (#14538) Signed-off-by: felix --- docs/operator-manual/config-management-plugins.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/operator-manual/config-management-plugins.md b/docs/operator-manual/config-management-plugins.md index ae39bf1a9214a..3550dbd81f143 100644 --- a/docs/operator-manual/config-management-plugins.md +++ b/docs/operator-manual/config-management-plugins.md @@ -106,7 +106,7 @@ spec: # static parameter announcements list. command: [echo, '[{"name": "example-param", "string": "default-string-value"}]'] - # If set to then the plugin receives repository files with original file mode. Dangerous since the repository + # If set to `true` then the plugin receives repository files with original file mode. Dangerous since the repository # might have executable files. Set to true only if you trust the CMP plugin authors. preserveFileMode: false ``` From 0a11089db3f8a57c561f5f25eb8bd51792e3aafd Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 30 Jul 2023 01:26:35 +0000 Subject: [PATCH 057/105] [Bot] docs: Update Snyk reports (#14781) Signed-off-by: CI Co-authored-by: CI --- docs/snyk/index.md | 82 +- docs/snyk/master/argocd-iac-install.html | 82 +- .../master/argocd-iac-namespace-install.html | 64 +- docs/snyk/master/argocd-test.html | 160 +--- .../master/ghcr.io_dexidp_dex_v2.37.0.html | 324 ++++++- docs/snyk/master/haproxy_2.6.14-alpine.html | 368 +++++++- .../quay.io_argoproj_argocd_latest.html | 334 ++++--- docs/snyk/master/redis_7.0.11-alpine.html | 368 +++++++- .../v2.5.20/ghcr.io_dexidp_dex_v2.37.0.html | 483 ---------- docs/snyk/v2.5.20/haproxy_2.6.14-alpine.html | 492 ---------- docs/snyk/v2.5.20/redis_7.0.11-alpine.html | 492 ---------- .../argocd-iac-install.html | 2 +- .../argocd-iac-namespace-install.html | 2 +- .../{v2.5.20 => v2.5.21}/argocd-test.html | 6 +- .../ghcr.io_dexidp_dex_v2.37.0.html} | 351 +++++--- docs/snyk/v2.5.21/haproxy_2.6.14-alpine.html | 850 ++++++++++++++++++ .../quay.io_argoproj_argocd_v2.5.21.html} | 616 +++++++------ docs/snyk/v2.5.21/redis_7.0.11-alpine.html | 850 ++++++++++++++++++ .../v2.6.12/ghcr.io_dexidp_dex_v2.37.0.html | 483 ---------- docs/snyk/v2.6.12/haproxy_2.6.14-alpine.html | 492 ---------- docs/snyk/v2.6.12/redis_7.0.11-alpine.html | 492 ---------- .../argocd-iac-install.html | 2 +- .../argocd-iac-namespace-install.html | 2 +- .../{v2.6.12 => v2.6.13}/argocd-test.html | 6 +- .../v2.6.13/ghcr.io_dexidp_dex_v2.37.0.html | 797 ++++++++++++++++ docs/snyk/v2.6.13/haproxy_2.6.14-alpine.html | 850 ++++++++++++++++++ .../quay.io_argoproj_argocd_v2.6.13.html} | 616 +++++++------ docs/snyk/v2.6.13/redis_7.0.11-alpine.html | 850 ++++++++++++++++++ docs/snyk/v2.7.7/haproxy_2.6.14-alpine.html | 492 ---------- docs/snyk/v2.7.7/redis_7.0.11-alpine.html | 492 ---------- .../argocd-iac-install.html | 2 +- .../argocd-iac-namespace-install.html | 2 +- docs/snyk/{v2.7.7 => v2.7.9}/argocd-test.html | 6 +- .../v2.7.9/ghcr.io_dexidp_dex_v2.37.0.html | 797 ++++++++++++++++ docs/snyk/v2.7.9/haproxy_2.6.14-alpine.html | 850 ++++++++++++++++++ .../quay.io_argoproj_argocd_v2.7.9.html} | 616 +++++++------ docs/snyk/v2.7.9/redis_7.0.11-alpine.html | 850 ++++++++++++++++++ .../ghcr.io_dexidp_dex_v2.37.0.html | 483 ---------- .../v2.8.0-rc2/haproxy_2.6.14-alpine.html | 492 ---------- docs/snyk/v2.8.0-rc2/redis_7.0.11-alpine.html | 492 ---------- .../argocd-iac-install.html | 82 +- .../argocd-iac-namespace-install.html | 64 +- .../argocd-test.html} | 97 +- .../ghcr.io_dexidp_dex_v2.37.0.html | 797 ++++++++++++++++ .../v2.8.0-rc6/haproxy_2.6.14-alpine.html | 850 ++++++++++++++++++ .../quay.io_argoproj_argocd_v2.8.0-rc6.html} | 550 ++++++------ docs/snyk/v2.8.0-rc6/redis_7.0.11-alpine.html | 850 ++++++++++++++++++ 47 files changed, 12193 insertions(+), 7187 deletions(-) delete mode 100644 docs/snyk/v2.5.20/ghcr.io_dexidp_dex_v2.37.0.html delete mode 100644 docs/snyk/v2.5.20/haproxy_2.6.14-alpine.html delete mode 100644 docs/snyk/v2.5.20/redis_7.0.11-alpine.html rename docs/snyk/{v2.5.20 => v2.5.21}/argocd-iac-install.html (99%) rename docs/snyk/{v2.5.20 => v2.5.21}/argocd-iac-namespace-install.html (99%) rename docs/snyk/{v2.5.20 => v2.5.21}/argocd-test.html (99%) rename docs/snyk/{v2.8.0-rc2/argocd-test.html => v2.5.21/ghcr.io_dexidp_dex_v2.37.0.html} (50%) create mode 100644 docs/snyk/v2.5.21/haproxy_2.6.14-alpine.html rename docs/snyk/{v2.5.20/quay.io_argoproj_argocd_v2.5.20.html => v2.5.21/quay.io_argoproj_argocd_v2.5.21.html} (91%) create mode 100644 docs/snyk/v2.5.21/redis_7.0.11-alpine.html delete mode 100644 docs/snyk/v2.6.12/ghcr.io_dexidp_dex_v2.37.0.html delete mode 100644 docs/snyk/v2.6.12/haproxy_2.6.14-alpine.html delete mode 100644 docs/snyk/v2.6.12/redis_7.0.11-alpine.html rename docs/snyk/{v2.6.12 => v2.6.13}/argocd-iac-install.html (99%) rename docs/snyk/{v2.6.12 => v2.6.13}/argocd-iac-namespace-install.html (99%) rename docs/snyk/{v2.6.12 => v2.6.13}/argocd-test.html (98%) create mode 100644 docs/snyk/v2.6.13/ghcr.io_dexidp_dex_v2.37.0.html create mode 100644 docs/snyk/v2.6.13/haproxy_2.6.14-alpine.html rename docs/snyk/{v2.6.12/quay.io_argoproj_argocd_v2.6.12.html => v2.6.13/quay.io_argoproj_argocd_v2.6.13.html} (91%) create mode 100644 docs/snyk/v2.6.13/redis_7.0.11-alpine.html delete mode 100644 docs/snyk/v2.7.7/haproxy_2.6.14-alpine.html delete mode 100644 docs/snyk/v2.7.7/redis_7.0.11-alpine.html rename docs/snyk/{v2.7.7 => v2.7.9}/argocd-iac-install.html (99%) rename docs/snyk/{v2.7.7 => v2.7.9}/argocd-iac-namespace-install.html (99%) rename docs/snyk/{v2.7.7 => v2.7.9}/argocd-test.html (98%) create mode 100644 docs/snyk/v2.7.9/ghcr.io_dexidp_dex_v2.37.0.html create mode 100644 docs/snyk/v2.7.9/haproxy_2.6.14-alpine.html rename docs/snyk/{v2.7.7/quay.io_argoproj_argocd_v2.7.7.html => v2.7.9/quay.io_argoproj_argocd_v2.7.9.html} (90%) create mode 100644 docs/snyk/v2.7.9/redis_7.0.11-alpine.html delete mode 100644 docs/snyk/v2.8.0-rc2/ghcr.io_dexidp_dex_v2.37.0.html delete mode 100644 docs/snyk/v2.8.0-rc2/haproxy_2.6.14-alpine.html delete mode 100644 docs/snyk/v2.8.0-rc2/redis_7.0.11-alpine.html rename docs/snyk/{v2.8.0-rc2 => v2.8.0-rc6}/argocd-iac-install.html (98%) rename docs/snyk/{v2.8.0-rc2 => v2.8.0-rc6}/argocd-iac-namespace-install.html (98%) rename docs/snyk/{v2.7.7/ghcr.io_dexidp_dex_v2.37.0.html => v2.8.0-rc6/argocd-test.html} (70%) create mode 100644 docs/snyk/v2.8.0-rc6/ghcr.io_dexidp_dex_v2.37.0.html create mode 100644 docs/snyk/v2.8.0-rc6/haproxy_2.6.14-alpine.html rename docs/snyk/{v2.8.0-rc2/quay.io_argoproj_argocd_v2.8.0-rc2.html => v2.8.0-rc6/quay.io_argoproj_argocd_v2.8.0-rc6.html} (91%) create mode 100644 docs/snyk/v2.8.0-rc6/redis_7.0.11-alpine.html diff --git a/docs/snyk/index.md b/docs/snyk/index.md index b27c3646f1e17..4908a8bed515f 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md @@ -14,62 +14,62 @@ recent minor releases. | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| | [go.mod](master/argocd-test.html) | 0 | 1 | 0 | 0 | -| [ui/yarn.lock](master/argocd-test.html) | 0 | 1 | 0 | 0 | -| [dex:v2.37.0](master/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 0 | 0 | -| [haproxy:2.6.14-alpine](master/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 3 | 17 | -| [redis:7.0.11-alpine](master/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | +| [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.37.0](master/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 2 | 0 | +| [haproxy:2.6.14-alpine](master/haproxy_2.6.14-alpine.html) | 0 | 0 | 2 | 0 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 3 | 15 | +| [redis:7.0.11-alpine](master/redis_7.0.11-alpine.html) | 0 | 0 | 2 | 0 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.8.0-rc2 +### v2.8.0-rc6 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.8.0-rc2/argocd-test.html) | 0 | 1 | 0 | 0 | -| [ui/yarn.lock](v2.8.0-rc2/argocd-test.html) | 0 | 1 | 0 | 0 | -| [dex:v2.37.0](v2.8.0-rc2/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 0 | 0 | -| [haproxy:2.6.14-alpine](v2.8.0-rc2/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.8.0-rc2](v2.8.0-rc2/quay.io_argoproj_argocd_v2.8.0-rc2.html) | 0 | 0 | 3 | 17 | -| [redis:7.0.11-alpine](v2.8.0-rc2/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | -| [install.yaml](v2.8.0-rc2/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.8.0-rc2/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.8.0-rc6/argocd-test.html) | 0 | 1 | 0 | 0 | +| [ui/yarn.lock](v2.8.0-rc6/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.37.0](v2.8.0-rc6/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 2 | 0 | +| [haproxy:2.6.14-alpine](v2.8.0-rc6/haproxy_2.6.14-alpine.html) | 0 | 0 | 2 | 0 | +| [argocd:v2.8.0-rc6](v2.8.0-rc6/quay.io_argoproj_argocd_v2.8.0-rc6.html) | 0 | 0 | 3 | 15 | +| [redis:7.0.11-alpine](v2.8.0-rc6/redis_7.0.11-alpine.html) | 0 | 0 | 2 | 0 | +| [install.yaml](v2.8.0-rc6/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.8.0-rc6/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.7.7 +### v2.7.9 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.7.7/argocd-test.html) | 0 | 0 | 0 | 0 | -| [ui/yarn.lock](v2.7.7/argocd-test.html) | 0 | 1 | 0 | 0 | -| [dex:v2.37.0](v2.7.7/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 0 | 0 | -| [haproxy:2.6.14-alpine](v2.7.7/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.7.7](v2.7.7/quay.io_argoproj_argocd_v2.7.7.html) | 0 | 0 | 3 | 17 | -| [redis:7.0.11-alpine](v2.7.7/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | -| [install.yaml](v2.7.7/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.7.7/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.7.9/argocd-test.html) | 0 | 0 | 0 | 0 | +| [ui/yarn.lock](v2.7.9/argocd-test.html) | 0 | 1 | 0 | 0 | +| [dex:v2.37.0](v2.7.9/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 2 | 0 | +| [haproxy:2.6.14-alpine](v2.7.9/haproxy_2.6.14-alpine.html) | 0 | 0 | 2 | 0 | +| [argocd:v2.7.9](v2.7.9/quay.io_argoproj_argocd_v2.7.9.html) | 0 | 0 | 4 | 15 | +| [redis:7.0.11-alpine](v2.7.9/redis_7.0.11-alpine.html) | 0 | 0 | 2 | 0 | +| [install.yaml](v2.7.9/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.7.9/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.6.12 +### v2.6.13 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.6.12/argocd-test.html) | 0 | 0 | 0 | 0 | -| [ui/yarn.lock](v2.6.12/argocd-test.html) | 0 | 1 | 0 | 0 | -| [dex:v2.37.0](v2.6.12/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 0 | 0 | -| [haproxy:2.6.14-alpine](v2.6.12/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.6.12](v2.6.12/quay.io_argoproj_argocd_v2.6.12.html) | 0 | 0 | 3 | 17 | -| [redis:7.0.11-alpine](v2.6.12/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | -| [install.yaml](v2.6.12/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.6.12/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.6.13/argocd-test.html) | 0 | 0 | 0 | 0 | +| [ui/yarn.lock](v2.6.13/argocd-test.html) | 0 | 1 | 0 | 0 | +| [dex:v2.37.0](v2.6.13/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 2 | 0 | +| [haproxy:2.6.14-alpine](v2.6.13/haproxy_2.6.14-alpine.html) | 0 | 0 | 2 | 0 | +| [argocd:v2.6.13](v2.6.13/quay.io_argoproj_argocd_v2.6.13.html) | 0 | 0 | 4 | 15 | +| [redis:7.0.11-alpine](v2.6.13/redis_7.0.11-alpine.html) | 0 | 0 | 2 | 0 | +| [install.yaml](v2.6.13/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.6.13/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.5.20 +### v2.5.21 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.5.20/argocd-test.html) | 0 | 0 | 2 | 0 | -| [ui/yarn.lock](v2.5.20/argocd-test.html) | 0 | 1 | 4 | 0 | -| [dex:v2.37.0](v2.5.20/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 0 | 0 | -| [haproxy:2.6.14-alpine](v2.5.20/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.5.20](v2.5.20/quay.io_argoproj_argocd_v2.5.20.html) | 0 | 0 | 3 | 17 | -| [redis:7.0.11-alpine](v2.5.20/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | -| [install.yaml](v2.5.20/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.5.20/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.5.21/argocd-test.html) | 0 | 0 | 2 | 0 | +| [ui/yarn.lock](v2.5.21/argocd-test.html) | 0 | 1 | 4 | 0 | +| [dex:v2.37.0](v2.5.21/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 2 | 0 | +| [haproxy:2.6.14-alpine](v2.5.21/haproxy_2.6.14-alpine.html) | 0 | 0 | 2 | 0 | +| [argocd:v2.5.21](v2.5.21/quay.io_argoproj_argocd_v2.5.21.html) | 0 | 0 | 4 | 15 | +| [redis:7.0.11-alpine](v2.5.21/redis_7.0.11-alpine.html) | 0 | 0 | 2 | 0 | +| [install.yaml](v2.5.21/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.5.21/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index 7b11441beb9e2..dfe207c217a92 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

Snyk test report

-

July 9th 2023, 12:21:13 am (UTC+00:00)

+

July 30th 2023, 12:18:08 am (UTC+00:00)

Scanned the following path: @@ -507,7 +507,7 @@

Role with dangerous permissions

  • - Line number: 18454 + Line number: 18466
  • @@ -553,7 +553,7 @@

    Role with dangerous permissions

  • - Line number: 18531 + Line number: 18543
  • @@ -599,7 +599,7 @@

    Role with dangerous permissions

  • - Line number: 18559 + Line number: 18571
  • @@ -645,7 +645,7 @@

    Role with dangerous permissions

  • - Line number: 18607 + Line number: 18619
  • @@ -691,7 +691,7 @@

    Role with dangerous permissions

  • - Line number: 18589 + Line number: 18601
  • @@ -737,7 +737,7 @@

    Role with dangerous permissions

  • - Line number: 18623 + Line number: 18635
  • @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 19707 + Line number: 19731
  • @@ -847,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 19094 + Line number: 19106
  • @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 19315 + Line number: 19339
  • @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 19281 + Line number: 19305
  • @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 19375 + Line number: 19399
  • @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 19462 + Line number: 19486
  • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 19707 + Line number: 19731
  • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 19519 + Line number: 19543
  • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 19792 + Line number: 19816
  • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 20108 + Line number: 20132
  • @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 19295 + Line number: 19319
  • @@ -1415,7 +1415,7 @@

    Container is running without liveness probe

  • - Line number: 19094 + Line number: 19106
  • @@ -1467,7 +1467,7 @@

    Container is running without liveness probe

  • - Line number: 19281 + Line number: 19305
  • @@ -1519,7 +1519,7 @@

    Container is running without liveness probe

  • - Line number: 19315 + Line number: 19339
  • @@ -1571,7 +1571,7 @@

    Container is running without liveness probe

  • - Line number: 19462 + Line number: 19486
  • @@ -1623,7 +1623,7 @@

    Container is running without liveness probe

  • - Line number: 19707 + Line number: 19731
  • @@ -1681,7 +1681,7 @@

    Container is running without memory limit

  • - Line number: 19094 + Line number: 19106
  • @@ -1739,7 +1739,7 @@

    Container is running without memory limit

  • - Line number: 19281 + Line number: 19305
  • @@ -1797,7 +1797,7 @@

    Container is running without memory limit

  • - Line number: 19315 + Line number: 19339
  • @@ -1855,7 +1855,7 @@

    Container is running without memory limit

  • - Line number: 19375 + Line number: 19399
  • @@ -1913,7 +1913,7 @@

    Container is running without memory limit

  • - Line number: 19462 + Line number: 19486
  • @@ -1971,7 +1971,7 @@

    Container is running without memory limit

  • - Line number: 19707 + Line number: 19731
  • @@ -2029,7 +2029,7 @@

    Container is running without memory limit

  • - Line number: 19519 + Line number: 19543
  • @@ -2087,7 +2087,7 @@

    Container is running without memory limit

  • - Line number: 19792 + Line number: 19816
  • @@ -2145,7 +2145,7 @@

    Container is running without memory limit

  • - Line number: 20108 + Line number: 20132
  • @@ -2201,7 +2201,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19205 + Line number: 19229
  • @@ -2257,7 +2257,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19323 + Line number: 19347
  • @@ -2313,7 +2313,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19298 + Line number: 19322
  • @@ -2369,7 +2369,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19396 + Line number: 19420
  • @@ -2425,7 +2425,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19472 + Line number: 19496
  • @@ -2481,7 +2481,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19714 + Line number: 19738
  • @@ -2537,7 +2537,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19680 + Line number: 19704
  • @@ -2593,7 +2593,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 20018 + Line number: 20042
  • @@ -2649,7 +2649,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 20256 + Line number: 20280
  • diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index f8e4ebdfe8879..163793f6f7d11 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 9th 2023, 12:21:26 am (UTC+00:00)

    +

    July 30th 2023, 12:18:20 am (UTC+00:00)

    Scanned the following path: @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 1237 + Line number: 1249
  • @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 845 + Line number: 857
  • @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 811 + Line number: 823
  • @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 905 + Line number: 917
  • @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 992 + Line number: 1004
  • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 1237 + Line number: 1249
  • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 1049 + Line number: 1061
  • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 1322 + Line number: 1334
  • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 1638 + Line number: 1650
  • @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 825 + Line number: 837
  • @@ -1467,7 +1467,7 @@

    Container is running without liveness probe

  • - Line number: 811 + Line number: 823
  • @@ -1519,7 +1519,7 @@

    Container is running without liveness probe

  • - Line number: 845 + Line number: 857
  • @@ -1571,7 +1571,7 @@

    Container is running without liveness probe

  • - Line number: 992 + Line number: 1004
  • @@ -1623,7 +1623,7 @@

    Container is running without liveness probe

  • - Line number: 1237 + Line number: 1249
  • @@ -1739,7 +1739,7 @@

    Container is running without memory limit

  • - Line number: 811 + Line number: 823
  • @@ -1797,7 +1797,7 @@

    Container is running without memory limit

  • - Line number: 845 + Line number: 857
  • @@ -1855,7 +1855,7 @@

    Container is running without memory limit

  • - Line number: 905 + Line number: 917
  • @@ -1913,7 +1913,7 @@

    Container is running without memory limit

  • - Line number: 992 + Line number: 1004
  • @@ -1971,7 +1971,7 @@

    Container is running without memory limit

  • - Line number: 1237 + Line number: 1249
  • @@ -2029,7 +2029,7 @@

    Container is running without memory limit

  • - Line number: 1049 + Line number: 1061
  • @@ -2087,7 +2087,7 @@

    Container is running without memory limit

  • - Line number: 1322 + Line number: 1334
  • @@ -2145,7 +2145,7 @@

    Container is running without memory limit

  • - Line number: 1638 + Line number: 1650
  • @@ -2201,7 +2201,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 735 + Line number: 747
  • @@ -2257,7 +2257,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 853 + Line number: 865
  • @@ -2313,7 +2313,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 828 + Line number: 840
  • @@ -2369,7 +2369,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 926 + Line number: 938
  • @@ -2425,7 +2425,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1002 + Line number: 1014
  • @@ -2481,7 +2481,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1244 + Line number: 1256
  • @@ -2537,7 +2537,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1210 + Line number: 1222
  • @@ -2593,7 +2593,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1548 + Line number: 1560
  • @@ -2649,7 +2649,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1786 + Line number: 1798
  • diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index dff5d4eff951a..9555410285bfd 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 9th 2023, 12:18:34 am (UTC+00:00)

    +

    July 30th 2023, 12:15:46 am (UTC+00:00)

    Scanned the following paths: @@ -466,9 +466,9 @@

    Snyk test report

    -
    2 known vulnerabilities
    -
    2 vulnerable dependency paths
    -
    1805 dependencies
    +
    1 known vulnerabilities
    +
    1 vulnerable dependency paths
    +
    1812 dependencies

    @@ -476,156 +476,6 @@

    Snyk test report

    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - semver -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, superagent@8.0.9 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - superagent@8.0.9 - - semver@7.3.8 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    semver is a semantic version parser used by npm.

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

    -

    PoC

    -
    
    -        const semver = require('semver')
    -        const lengths_2 = [2000, 4000, 8000, 16000, 32000, 64000, 128000]
    -        
    -        console.log("n[+] Valid range - Test payloads")
    -        for (let i = 0; i =1.2.3' + ' '.repeat(lengths_2[i]) + '<1.3.0';
    -        const start = Date.now()
    -        semver.validRange(value)
    -        // semver.minVersion(value)
    -        // semver.maxSatisfying(["1.2.3"], value)
    -        // semver.minSatisfying(["1.2.3"], value)
    -        // new semver.Range(value, {})
    -        
    -        const end = Date.now();
    -        console.log('length=%d, time=%d ms', value.length, end - start);
    -        }
    -        
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    -
    regex = /A(B|C+)+D/
    -        
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
    • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
    • -
    • D Finally, we ensure this section of the string ends with a 'D'
    • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    -
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
    -        0.04s user 0.01s system 95% cpu 0.052 total
    -        
    -        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
    -        1.79s user 0.02s system 99% cpu 1.812 total
    -        
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
    2. -
    3. CC+C
    4. -
    5. C+CC
    6. -
    7. C+C+C.
    8. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    Upgrade semver to version 7.5.2 or higher.

    -

    References

    - - -
    - - - -

    Denial of Service (DoS)

    diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.37.0.html index 606a45c9fbca5..862f1052a09f2 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.37.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 9th 2023, 12:18:46 am (UTC+00:00)

    +

    July 30th 2023, 12:15:57 am (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    0 known vulnerabilities
    -
    0 vulnerable dependency paths
    +
    2 known vulnerabilities
    +
    14 vulnerable dependency paths
    786 dependencies
    @@ -475,7 +475,321 @@

    Snyk test report

    - No known vulnerabilities detected. +
    +
    +

    Improper Authentication

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

    +

    Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

    +

    The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

    +

    As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Inefficient Regular Expression Complexity

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

    +

    However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    +

    References

    + + +
    + + + +
    +
    diff --git a/docs/snyk/master/haproxy_2.6.14-alpine.html b/docs/snyk/master/haproxy_2.6.14-alpine.html index a12c29f0b594c..fc3c8a2a7e8cb 100644 --- a/docs/snyk/master/haproxy_2.6.14-alpine.html +++ b/docs/snyk/master/haproxy_2.6.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 9th 2023, 12:18:53 am (UTC+00:00)

    +

    July 30th 2023, 12:16:03 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    0 known vulnerabilities
    -
    0 vulnerable dependency paths
    +
    2 known vulnerabilities
    +
    18 vulnerable dependency paths
    18 dependencies
    @@ -484,7 +484,365 @@

    Snyk test report

    - No known vulnerabilities detected. +
    +
    +

    Improper Authentication

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

    +

    Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

    +

    The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

    +

    As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Inefficient Regular Expression Complexity

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

    +

    However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    +

    References

    + + +
    + + + +
    +
    diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index a8d60976762aa..3696a95cf6e6b 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 9th 2023, 12:19:18 am (UTC+00:00)

    +

    July 30th 2023, 12:16:27 am (UTC+00:00)

    Scanned the following paths: @@ -466,9 +466,9 @@

    Snyk test report

    -
    21 known vulnerabilities
    -
    95 vulnerable dependency paths
    -
    2114 dependencies
    +
    19 known vulnerabilities
    +
    101 vulnerable dependency paths
    +
    2121 dependencies
    @@ -1195,7 +1195,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:8.9p1-3ubuntu0.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.3 shadow/passwd@1:4.8.1-2ubuntu2.1 @@ -1463,7 +1463,7 @@

    References

    -

    Information Exposure

    +

    Improper Authentication

    @@ -1479,12 +1479,12 @@

    Information Exposure

  • Vulnerable module: - openssh/openssh-client + openssl/libssl3
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3@3.0.2-0ubuntu1.10
  • @@ -1499,7 +1499,111 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:8.9p1-3ubuntu0.1 + openssl/libssl3@3.0.2-0ubuntu1.10 + + + + +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
  • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + libfido2/libfido2-1@1.10.0-1 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
  • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + openssh/openssh-client@1:8.9p1-3ubuntu0.3 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
  • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.10 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
  • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
  • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.3 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 + + krb5/libkrb5-3@1.19.2-2ubuntu0.2 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
  • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + openssl@3.0.2-0ubuntu1.10 + + + +
  • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.10 @@ -1511,28 +1615,42 @@

    Detailed paths


    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    +

    Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

    +

    Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

    +

    The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

    +

    As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    There is no fixed version for Ubuntu:22.04 openssl.

    References


  • @@ -1558,7 +1676,7 @@

    CVE-2023-28531

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.3
  • @@ -1573,7 +1691,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:8.9p1-3ubuntu0.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.3 @@ -1595,6 +1713,7 @@

    References

  • ADVISORY
  • cve@mitre.org
  • cve@mitre.org
  • +
  • cve@mitre.org

  • @@ -1643,7 +1762,7 @@

    Detailed paths

    gnupg2/dirmngr@2.2.27-3ubuntu2.1 - openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 + openldap/libldap-2.5-0@2.5.15+dfsg-0ubuntu0.22.04.1 @@ -1654,9 +1773,9 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 + openldap/libldap-2.5-0@2.5.15+dfsg-0ubuntu0.22.04.1 @@ -1665,7 +1784,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 + openldap/libldap-common@2.5.15+dfsg-0ubuntu0.22.04.1 @@ -1688,6 +1807,12 @@

    References

  • secalert@redhat.com
  • secalert@redhat.com
  • secalert@redhat.com
  • +
  • secalert@redhat.com
  • +
  • secalert@redhat.com
  • +
  • secalert@redhat.com
  • +
  • secalert@redhat.com
  • +
  • secalert@redhat.com
  • +
  • secalert@redhat.com

  • @@ -1757,6 +1882,7 @@

    References


    @@ -1895,7 +2021,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:8.9p1-3ubuntu0.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.3 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -1908,7 +2034,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -1921,7 +2047,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 @@ -2533,150 +2659,6 @@

    References

    More about this vulnerability

    -
    -
    -

    CVE-2023-28322

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.9 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 curl.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.9 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with xn-- and should not be allowed to pattern match, but the wildcard check in curl could still check for x*, which would match even though the IDN name most likely contained nothing even resembling an x.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 curl.

    -

    References

    - - -
    - - -

    Improper Input Validation

    diff --git a/docs/snyk/master/redis_7.0.11-alpine.html b/docs/snyk/master/redis_7.0.11-alpine.html index 27ada37d668cc..ce6e2ec055b70 100644 --- a/docs/snyk/master/redis_7.0.11-alpine.html +++ b/docs/snyk/master/redis_7.0.11-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 9th 2023, 12:19:25 am (UTC+00:00)

    +

    July 30th 2023, 12:16:34 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    0 known vulnerabilities
    -
    0 vulnerable dependency paths
    +
    2 known vulnerabilities
    +
    18 vulnerable dependency paths
    18 dependencies
    @@ -484,7 +484,365 @@

    Snyk test report

    - No known vulnerabilities detected. +
    +
    +

    Improper Authentication

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

    +

    Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

    +

    The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

    +

    As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Inefficient Regular Expression Complexity

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

    +

    However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    +

    References

    + + +
    + + + +
    +
    diff --git a/docs/snyk/v2.5.20/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.5.20/ghcr.io_dexidp_dex_v2.37.0.html deleted file mode 100644 index 40175527343b2..0000000000000 --- a/docs/snyk/v2.5.20/ghcr.io_dexidp_dex_v2.37.0.html +++ /dev/null @@ -1,483 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    July 9th 2023, 12:32:36 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
    • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 (gomodules)
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
    • -
    -
    - -
    -
    0 known vulnerabilities
    -
    0 vulnerable dependency paths
    -
    786 dependencies
    -
    -
    -
    -
    - -
    - No known vulnerabilities detected. -
    -
    - - - diff --git a/docs/snyk/v2.5.20/haproxy_2.6.14-alpine.html b/docs/snyk/v2.5.20/haproxy_2.6.14-alpine.html deleted file mode 100644 index 27914ebb28b09..0000000000000 --- a/docs/snyk/v2.5.20/haproxy_2.6.14-alpine.html +++ /dev/null @@ -1,492 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    July 9th 2023, 12:32:46 am (UTC+00:00)

    -
    -
    - Scanned the following path: -
      -
    • haproxy:2.6.14-alpine (apk)
    • -
    -
    - -
    -
    0 known vulnerabilities
    -
    0 vulnerable dependency paths
    -
    18 dependencies
    -
    -
    -
    -
    -
    - - - - - - - -
    Project docker-image|haproxy
    Path haproxy:2.6.14-alpine
    Package Manager apk
    -
    -
    - No known vulnerabilities detected. -
    -
    - - - diff --git a/docs/snyk/v2.5.20/redis_7.0.11-alpine.html b/docs/snyk/v2.5.20/redis_7.0.11-alpine.html deleted file mode 100644 index fa6d133bffd86..0000000000000 --- a/docs/snyk/v2.5.20/redis_7.0.11-alpine.html +++ /dev/null @@ -1,492 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    July 9th 2023, 12:33:18 am (UTC+00:00)

    -
    -
    - Scanned the following path: -
      -
    • redis:7.0.11-alpine (apk)
    • -
    -
    - -
    -
    0 known vulnerabilities
    -
    0 vulnerable dependency paths
    -
    18 dependencies
    -
    -
    -
    -
    -
    - - - - - - - -
    Project docker-image|redis
    Path redis:7.0.11-alpine
    Package Manager apk
    -
    -
    - No known vulnerabilities detected. -
    -
    - - - diff --git a/docs/snyk/v2.5.20/argocd-iac-install.html b/docs/snyk/v2.5.21/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.5.20/argocd-iac-install.html rename to docs/snyk/v2.5.21/argocd-iac-install.html index f03aa03e35e63..37f05edd7ae93 100644 --- a/docs/snyk/v2.5.20/argocd-iac-install.html +++ b/docs/snyk/v2.5.21/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 9th 2023, 12:34:20 am (UTC+00:00)

    +

    July 30th 2023, 12:28:25 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.5.20/argocd-iac-namespace-install.html b/docs/snyk/v2.5.21/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.5.20/argocd-iac-namespace-install.html rename to docs/snyk/v2.5.21/argocd-iac-namespace-install.html index 808622da80dc5..9c1deada2701c 100644 --- a/docs/snyk/v2.5.20/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.5.21/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 9th 2023, 12:34:34 am (UTC+00:00)

    +

    July 30th 2023, 12:28:36 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.5.20/argocd-test.html b/docs/snyk/v2.5.21/argocd-test.html similarity index 99% rename from docs/snyk/v2.5.20/argocd-test.html rename to docs/snyk/v2.5.21/argocd-test.html index 3eaa49d7e71ce..2d002a2bc03de 100644 --- a/docs/snyk/v2.5.20/argocd-test.html +++ b/docs/snyk/v2.5.21/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 9th 2023, 12:32:28 am (UTC+00:00)

    +

    July 30th 2023, 12:26:48 am (UTC+00:00)

    Scanned the following paths: @@ -609,10 +609,12 @@

    Details

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    Remediation

    -

    Upgrade semver to version 7.5.2 or higher.

    +

    Upgrade semver to version 5.7.2, 6.3.1, 7.5.2 or higher.

    References

      +
    • GitHub Commit
    • GitHub Commit
    • +
    • GitHub Commit
    • GitHub PR
    • Vulnerable Code
    • Vulnerable Code
    • diff --git a/docs/snyk/v2.8.0-rc2/argocd-test.html b/docs/snyk/v2.5.21/ghcr.io_dexidp_dex_v2.37.0.html similarity index 50% rename from docs/snyk/v2.8.0-rc2/argocd-test.html rename to docs/snyk/v2.5.21/ghcr.io_dexidp_dex_v2.37.0.html index 3504db482b43b..ef8d54b899983 100644 --- a/docs/snyk/v2.8.0-rc2/argocd-test.html +++ b/docs/snyk/v2.5.21/ghcr.io_dexidp_dex_v2.37.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,19 +456,19 @@

      Snyk test report

      -

      July 9th 2023, 12:21:45 am (UTC+00:00)

      +

      July 30th 2023, 12:26:55 am (UTC+00:00)

      Scanned the following paths:
        -
      • /argo-cd/argoproj/argo-cd/v2 (gomodules)
      • /argo-cd (yarn)
      • +
      • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
      • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 (gomodules)
      • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
      • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
      2 known vulnerabilities
      -
      2 vulnerable dependency paths
      -
      1804 dependencies
      +
      14 vulnerable dependency paths
      +
      786 dependencies
    @@ -476,30 +476,30 @@

    Snyk test report

    -
    -

    Regular Expression Denial of Service (ReDoS)

    +
    +

    Improper Authentication

    -
    - high severity +
    + medium severity

    • - Package Manager: npm + Package Manager: alpine:3.18
    • Vulnerable module: - semver + openssl/libcrypto3
    • Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - argo-cd-ui@1.0.0, superagent@8.0.9 and others
    @@ -511,11 +511,75 @@

    Detailed paths

    • Introduced through: - argo-cd-ui@1.0.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - superagent@8.0.9 + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 - semver@7.3.8 + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 @@ -526,130 +590,69 @@

      Detailed paths


      -

      Overview

      -

      semver is a semantic version parser used by npm.

      -

      Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

      -

      PoC

      -
      
      -        const semver = require('semver')
      -        const lengths_2 = [2000, 4000, 8000, 16000, 32000, 64000, 128000]
      -        
      -        console.log("n[+] Valid range - Test payloads")
      -        for (let i = 0; i =1.2.3' + ' '.repeat(lengths_2[i]) + '<1.3.0';
      -        const start = Date.now()
      -        semver.validRange(value)
      -        // semver.minVersion(value)
      -        // semver.maxSatisfying(["1.2.3"], value)
      -        // semver.minSatisfying(["1.2.3"], value)
      -        // new semver.Range(value, {})
      -        
      -        const end = Date.now();
      -        console.log('length=%d, time=%d ms', value.length, end - start);
      -        }
      -        
      -

      Details

      -

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

      -

      The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

      -

      Let’s take the following regular expression as an example:

      -
      regex = /A(B|C+)+D/
      -        
      -

      This regular expression accomplishes the following:

      -
        -
      • A The string must start with the letter 'A'
      • -
      • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • -
      • D Finally, we ensure this section of the string ends with a 'D'
      • -
      -

      The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

      -

      It most cases, it doesn't take very long for a regex engine to find a match:

      -
      $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
      -        0.04s user 0.01s system 95% cpu 0.052 total
      -        
      -        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
      -        1.79s user 0.02s system 99% cpu 1.812 total
      -        
      -

      The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

      -

      Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

      -

      Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

      -
        -
      1. CCC
      2. -
      3. CC+C
      4. -
      5. C+CC
      6. -
      7. C+C+C.
      8. -
      -

      The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

      -

      From there, the number of steps the engine must use to validate a string just continues to grow.

      - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      StringNumber of C'sNumber of steps
      ACCCX338
      ACCCCX471
      ACCCCCX5136
      ACCCCCCCCCCCCCCX1465,553
      -

      By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

      +

      Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

      +

      The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

      +

      As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

      Remediation

      -

      Upgrade semver to version 7.5.2 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

      References


    -
    -

    Denial of Service (DoS)

    +
    +

    Inefficient Regular Expression Complexity

    -
    - high severity +
    + medium severity

    • - Package Manager: golang + Package Manager: alpine:3.18
    • Vulnerable module: - nhooyr.io/websocket + openssl/libcrypto3
    • Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - github.com/argoproj/argo-cd/v2@0.0.0, github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 and others
    @@ -661,11 +664,75 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 - nhooyr.io/websocket@1.8.6 + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 @@ -676,35 +743,49 @@

      Detailed paths


      -

      Overview

      -

      nhooyr.io/websocket is a minimal and idiomatic WebSocket library for Go.

      -

      Affected versions of this package are vulnerable to Denial of Service (DoS). A double channel close panic is possible if a peer sent back multiple pongs for every ping. - If the second pong arrived before the ping goroutine deleted its channel from the map, the channel would be closed twice and a panic would - occur.

      -

      Details

      -

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      -

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      -

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      -

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      -

      Two common types of DoS vulnerabilities:

      -
        -
      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        -
      • -
      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        -
      • -
      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

      +

      The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

      +

      However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

      +

      An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

      +

      The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

      +

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      Remediation

      -

      Upgrade nhooyr.io/websocket to version 1.8.7 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

      References


    diff --git a/docs/snyk/v2.5.21/haproxy_2.6.14-alpine.html b/docs/snyk/v2.5.21/haproxy_2.6.14-alpine.html new file mode 100644 index 0000000000000..c3152b9329766 --- /dev/null +++ b/docs/snyk/v2.5.21/haproxy_2.6.14-alpine.html @@ -0,0 +1,850 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    July 30th 2023, 12:27:02 am (UTC+00:00)

    +
    +
    + Scanned the following path: +
      +
    • haproxy:2.6.14-alpine (apk)
    • +
    +
    + +
    +
    2 known vulnerabilities
    +
    18 vulnerable dependency paths
    +
    18 dependencies
    +
    +
    +
    +
    +
    + + + + + + + +
    Project docker-image|haproxy
    Path haproxy:2.6.14-alpine
    Package Manager apk
    +
    +
    +
    +
    +

    Improper Authentication

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

    +

    Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

    +

    The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

    +

    As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Inefficient Regular Expression Complexity

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

    +

    However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    +

    References

    + + +
    + + + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.5.20/quay.io_argoproj_argocd_v2.5.20.html b/docs/snyk/v2.5.21/quay.io_argoproj_argocd_v2.5.21.html similarity index 91% rename from docs/snyk/v2.5.20/quay.io_argoproj_argocd_v2.5.20.html rename to docs/snyk/v2.5.21/quay.io_argoproj_argocd_v2.5.21.html index 075d3efc7f4f8..3f686a2048fa4 100644 --- a/docs/snyk/v2.5.20/quay.io_argoproj_argocd_v2.5.20.html +++ b/docs/snyk/v2.5.21/quay.io_argoproj_argocd_v2.5.21.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,18 +456,18 @@

    Snyk test report

    -

    July 9th 2023, 12:33:12 am (UTC+00:00)

    +

    July 30th 2023, 12:27:26 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.5.20/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.5.20/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.5.20/kustomize/kustomize/v4 (gomodules)
    • quay.io/argoproj/argocd:v2.5.20/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.5.20/git-lfs/git-lfs (gomodules)
    • +
    • quay.io/argoproj/argocd:v2.5.21/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.5.21/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.5.21/kustomize/kustomize/v4 (gomodules)
    • quay.io/argoproj/argocd:v2.5.21/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.5.21/git-lfs/git-lfs (gomodules)
    -
    30 known vulnerabilities
    -
    106 vulnerable dependency paths
    +
    29 known vulnerabilities
    +
    113 vulnerable dependency paths
    2047 dependencies
    @@ -900,7 +900,7 @@

    Improper Validation of Integrity Check Value

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 and systemd/libsystemd0@249.11-0ubuntu3.9 + docker-image|quay.io/argoproj/argocd@v2.5.21 and systemd/libsystemd0@249.11-0ubuntu3.9
  • @@ -913,7 +913,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 systemd/libsystemd0@249.11-0ubuntu3.9 @@ -922,7 +922,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 apt@2.4.9 @@ -933,7 +933,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 procps/libprocps8@2:3.3.17-6ubuntu2 @@ -944,7 +944,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 util-linux@2.37.2-4ubuntu3 @@ -955,7 +955,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 util-linux/bsdutils@1:2.37.2-4ubuntu3 @@ -966,7 +966,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 apt@2.4.9 @@ -979,7 +979,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 systemd/libudev1@249.11-0ubuntu3.9 @@ -988,7 +988,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 libfido2/libfido2-1@1.10.0-1 @@ -999,7 +999,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 util-linux@2.37.2-4ubuntu3 @@ -1010,7 +1010,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 apt@2.4.9 @@ -1070,7 +1070,7 @@

      Improper Validation of Integrity Check Value

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 and systemd/libsystemd0@249.11-0ubuntu3.9 + docker-image|quay.io/argoproj/argocd@v2.5.21 and systemd/libsystemd0@249.11-0ubuntu3.9
    @@ -1083,7 +1083,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 systemd/libsystemd0@249.11-0ubuntu3.9 @@ -1092,7 +1092,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 apt@2.4.9 @@ -1103,7 +1103,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 procps/libprocps8@2:3.3.17-6ubuntu2 @@ -1114,7 +1114,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 util-linux@2.37.2-4ubuntu3 @@ -1125,7 +1125,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 util-linux/bsdutils@1:2.37.2-4ubuntu3 @@ -1136,7 +1136,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 apt@2.4.9 @@ -1149,7 +1149,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 systemd/libudev1@249.11-0ubuntu3.9 @@ -1158,7 +1158,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 libfido2/libfido2-1@1.10.0-1 @@ -1169,7 +1169,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 util-linux@2.37.2-4ubuntu3 @@ -1180,7 +1180,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 apt@2.4.9 @@ -1240,7 +1240,7 @@

      Improper Validation of Integrity Check Value

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 and systemd/libsystemd0@249.11-0ubuntu3.9 + docker-image|quay.io/argoproj/argocd@v2.5.21 and systemd/libsystemd0@249.11-0ubuntu3.9
    @@ -1253,7 +1253,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 systemd/libsystemd0@249.11-0ubuntu3.9 @@ -1262,7 +1262,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 apt@2.4.9 @@ -1273,7 +1273,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 procps/libprocps8@2:3.3.17-6ubuntu2 @@ -1284,7 +1284,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 util-linux@2.37.2-4ubuntu3 @@ -1295,7 +1295,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 util-linux/bsdutils@1:2.37.2-4ubuntu3 @@ -1306,7 +1306,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 apt@2.4.9 @@ -1319,7 +1319,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 systemd/libudev1@249.11-0ubuntu3.9 @@ -1328,7 +1328,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 libfido2/libfido2-1@1.10.0-1 @@ -1339,7 +1339,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 util-linux@2.37.2-4ubuntu3 @@ -1350,7 +1350,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 apt@2.4.9 @@ -1387,6 +1387,86 @@

      References

      More about this vulnerability

    +
    +
    +

    CVE-2023-38408

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + openssh/openssh-client +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.5.21 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.21 + + openssh/openssh-client@1:8.9p1-3ubuntu0.1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 openssh to version 1:8.9p1-3ubuntu0.3 or higher.

    +

    References

    + + +
    + + +

    Denial of Service (DoS)

    @@ -1779,7 +1859,7 @@

    CVE-2022-46908

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20, gnupg2/gpg@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.5.21, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
  • @@ -1791,7 +1871,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1850,7 +1930,7 @@

      Arbitrary Code Injection

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 and shadow/passwd@1:4.8.1-2ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.5.21 and shadow/passwd@1:4.8.1-2ubuntu2.1
    @@ -1863,7 +1943,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 shadow/passwd@1:4.8.1-2ubuntu2.1 @@ -1872,7 +1952,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 adduser@3.118ubuntu5 @@ -1883,7 +1963,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -1894,7 +1974,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 shadow/login@1:4.8.1-2ubuntu2.1 @@ -1951,7 +2031,7 @@

      Uncontrolled Recursion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.5.21 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -1964,7 +2044,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1973,7 +2053,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 grep@3.7-1build1 @@ -2035,7 +2115,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.5.21 and patch@2.7.6-7build2
    @@ -2048,7 +2128,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 patch@2.7.6-7build2 @@ -2102,7 +2182,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.5.21 and patch@2.7.6-7build2
    @@ -2115,7 +2195,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 patch@2.7.6-7build2 @@ -2153,7 +2233,7 @@

      References

    -

    Information Exposure

    +

    Improper Authentication

    @@ -2169,12 +2249,12 @@

    Information Exposure

  • Vulnerable module: - openssh/openssh-client + openssl/libssl3
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.5.21 and openssl/libssl3@3.0.2-0ubuntu1.10
  • @@ -2187,9 +2267,113 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.21 + + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.21 + + libfido2/libfido2-1@1.10.0-1 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.21 openssh/openssh-client@1:8.9p1-3ubuntu0.1 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.21 + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.10 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.21 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.11 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.21 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.3 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 + + krb5/libkrb5-3@1.19.2-2ubuntu0.2 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.21 + + openssl@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.21 + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.10 @@ -2201,28 +2385,42 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

      +

      Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

      +

      Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

      +

      The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

      +

      As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 openssh.

      +

      There is no fixed version for Ubuntu:22.04 openssl.

      References


    @@ -2248,7 +2446,7 @@

    CVE-2023-28531

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.5.21 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
  • @@ -2261,7 +2459,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2285,6 +2483,7 @@

      References

    • ADVISORY
    • cve@mitre.org
    • cve@mitre.org
    • +
    • cve@mitre.org

    @@ -2317,7 +2516,7 @@

    NULL Pointer Dereference

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.5.21, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others
  • @@ -2329,7 +2528,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2340,11 +2539,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.11 openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -2353,7 +2552,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -2378,6 +2577,12 @@

      References

    • secalert@redhat.com
    • secalert@redhat.com
    • secalert@redhat.com
    • +
    • secalert@redhat.com
    • +
    • secalert@redhat.com
    • +
    • secalert@redhat.com
    • +
    • secalert@redhat.com
    • +
    • secalert@redhat.com
    • +
    • secalert@redhat.com

    @@ -2410,7 +2615,7 @@

    Resource Exhaustion

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20, meta-common-packages@meta and others + docker-image|quay.io/argoproj/argocd@v2.5.21, meta-common-packages@meta and others
  • @@ -2422,7 +2627,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 meta-common-packages@meta @@ -2447,6 +2652,7 @@

      References


      @@ -2478,7 +2684,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 and krb5/libk5crypto3@1.19.2-2ubuntu0.2 + docker-image|quay.io/argoproj/argocd@v2.5.21 and krb5/libk5crypto3@1.19.2-2ubuntu0.2
    @@ -2491,7 +2697,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 krb5/libk5crypto3@1.19.2-2ubuntu0.2 @@ -2500,7 +2706,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 adduser@3.118ubuntu5 @@ -2521,7 +2727,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 adduser@3.118ubuntu5 @@ -2544,7 +2750,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 krb5/libkrb5-3@1.19.2-2ubuntu0.2 @@ -2553,7 +2759,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 adduser@3.118ubuntu5 @@ -2574,7 +2780,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2583,7 +2789,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2594,11 +2800,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.11 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2607,11 +2813,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.11 libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 @@ -2622,7 +2828,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 adduser@3.118ubuntu5 @@ -2641,7 +2847,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 meta-common-packages@meta @@ -2700,7 +2906,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.5.21 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -2713,7 +2919,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2722,7 +2928,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 apt@2.4.9 @@ -2733,7 +2939,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2744,7 +2950,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2755,7 +2961,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2766,7 +2972,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2779,7 +2985,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2792,7 +2998,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2801,7 +3007,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2812,7 +3018,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2825,7 +3031,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -2834,7 +3040,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2845,7 +3051,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2854,7 +3060,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2865,7 +3071,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2874,7 +3080,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2885,7 +3091,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2898,7 +3104,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2911,7 +3117,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2920,7 +3126,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2931,7 +3137,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2944,7 +3150,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2957,7 +3163,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2966,7 +3172,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2977,7 +3183,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2986,7 +3192,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2997,7 +3203,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -3006,7 +3212,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3017,7 +3223,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3076,7 +3282,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.5.21 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -3089,7 +3295,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 glibc/libc-bin@2.35-0ubuntu3.1 @@ -3098,7 +3304,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 meta-common-packages@meta @@ -3157,7 +3363,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20, git@1:2.34.1-1ubuntu1.9 and others + docker-image|quay.io/argoproj/argocd@v2.5.21, git@1:2.34.1-1ubuntu1.9 and others
    @@ -3169,7 +3375,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 git@1:2.34.1-1ubuntu1.9 @@ -3180,7 +3386,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 git@1:2.34.1-1ubuntu1.9 @@ -3189,7 +3395,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 git-lfs@3.0.2-1ubuntu0.2 @@ -3223,150 +3429,6 @@

      References

      More about this vulnerability

    -
    -
    -

    CVE-2023-28322

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.5.20, git@1:2.34.1-1ubuntu1.9 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 curl.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.5.20, git@1:2.34.1-1ubuntu1.9 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with xn-- and should not be allowed to pattern match, but the wildcard check in curl could still check for x*, which would match even though the IDN name most likely contained nothing even resembling an x.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 curl.

    -

    References

    - - -
    - - -

    Improper Input Validation

    @@ -3390,7 +3452,7 @@

    Improper Input Validation

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.5.21 and coreutils@8.32-4.1ubuntu1
  • @@ -3403,7 +3465,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 coreutils@8.32-4.1ubuntu1 @@ -3460,7 +3522,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.5.21 and bash@5.1-6ubuntu1
    @@ -3473,7 +3535,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.20 + docker-image|quay.io/argoproj/argocd@v2.5.21 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.5.21/redis_7.0.11-alpine.html b/docs/snyk/v2.5.21/redis_7.0.11-alpine.html new file mode 100644 index 0000000000000..d1f43de8c966f --- /dev/null +++ b/docs/snyk/v2.5.21/redis_7.0.11-alpine.html @@ -0,0 +1,850 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
      +
      +
      +
      + + + Snyk - Open Source Security + + + + + + + +
      +

      Snyk test report

      + +

      July 30th 2023, 12:27:31 am (UTC+00:00)

      +
      +
      + Scanned the following path: +
        +
      • redis:7.0.11-alpine (apk)
      • +
      +
      + +
      +
      2 known vulnerabilities
      +
      18 vulnerable dependency paths
      +
      18 dependencies
      +
      +
      +
      +
      +
      + + + + + + + +
      Project docker-image|redis
      Path redis:7.0.11-alpine
      Package Manager apk
      +
      +
      +
      +
      +

      Improper Authentication

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Package Manager: alpine:3.18 +
      • +
      • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
      • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
      • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      + +
      + +
      + +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

      +

      Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

      +

      The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

      +

      As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

      +

      Remediation

      +

      Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

      +

      References

      + + +
      + + + +
      +
      +

      Inefficient Regular Expression Complexity

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Package Manager: alpine:3.18 +
      • +
      • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
      • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
      • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      + +
      + +
      + +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

      +

      The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

      +

      However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

      +

      An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

      +

      The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

      +

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      +

      Remediation

      +

      Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

      +

      References

      + + +
      + + + +
      +
      +
      +
      + + + diff --git a/docs/snyk/v2.6.12/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.6.12/ghcr.io_dexidp_dex_v2.37.0.html deleted file mode 100644 index 4a788356b57a4..0000000000000 --- a/docs/snyk/v2.6.12/ghcr.io_dexidp_dex_v2.37.0.html +++ /dev/null @@ -1,483 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      July 9th 2023, 12:28:45 am (UTC+00:00)

      -
      -
      - Scanned the following paths: -
        -
      • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
      • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 (gomodules)
      • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
      • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
      • -
      -
      - -
      -
      0 known vulnerabilities
      -
      0 vulnerable dependency paths
      -
      786 dependencies
      -
      -
      -
      -
      - -
      - No known vulnerabilities detected. -
      -
      - - - diff --git a/docs/snyk/v2.6.12/haproxy_2.6.14-alpine.html b/docs/snyk/v2.6.12/haproxy_2.6.14-alpine.html deleted file mode 100644 index fc41b97cb25eb..0000000000000 --- a/docs/snyk/v2.6.12/haproxy_2.6.14-alpine.html +++ /dev/null @@ -1,492 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      July 9th 2023, 12:28:50 am (UTC+00:00)

      -
      -
      - Scanned the following path: -
        -
      • haproxy:2.6.14-alpine (apk)
      • -
      -
      - -
      -
      0 known vulnerabilities
      -
      0 vulnerable dependency paths
      -
      18 dependencies
      -
      -
      -
      -
      -
      - - - - - - - -
      Project docker-image|haproxy
      Path haproxy:2.6.14-alpine
      Package Manager apk
      -
      -
      - No known vulnerabilities detected. -
      -
      - - - diff --git a/docs/snyk/v2.6.12/redis_7.0.11-alpine.html b/docs/snyk/v2.6.12/redis_7.0.11-alpine.html deleted file mode 100644 index 2ff2fffce00ab..0000000000000 --- a/docs/snyk/v2.6.12/redis_7.0.11-alpine.html +++ /dev/null @@ -1,492 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      July 9th 2023, 12:30:12 am (UTC+00:00)

      -
      -
      - Scanned the following path: -
        -
      • redis:7.0.11-alpine (apk)
      • -
      -
      - -
      -
      0 known vulnerabilities
      -
      0 vulnerable dependency paths
      -
      18 dependencies
      -
      -
      -
      -
      -
      - - - - - - - -
      Project docker-image|redis
      Path redis:7.0.11-alpine
      Package Manager apk
      -
      -
      - No known vulnerabilities detected. -
      -
      - - - diff --git a/docs/snyk/v2.6.12/argocd-iac-install.html b/docs/snyk/v2.6.13/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.6.12/argocd-iac-install.html rename to docs/snyk/v2.6.13/argocd-iac-install.html index 7e0c0c47dbbe7..06539ceab160c 100644 --- a/docs/snyk/v2.6.12/argocd-iac-install.html +++ b/docs/snyk/v2.6.13/argocd-iac-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      July 9th 2023, 12:31:50 am (UTC+00:00)

      +

      July 30th 2023, 12:26:09 am (UTC+00:00)

      Scanned the following path: diff --git a/docs/snyk/v2.6.12/argocd-iac-namespace-install.html b/docs/snyk/v2.6.13/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.6.12/argocd-iac-namespace-install.html rename to docs/snyk/v2.6.13/argocd-iac-namespace-install.html index ed77c2323ab38..c674445ae78e9 100644 --- a/docs/snyk/v2.6.12/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.6.13/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      July 9th 2023, 12:32:05 am (UTC+00:00)

      +

      July 30th 2023, 12:26:22 am (UTC+00:00)

      Scanned the following path: diff --git a/docs/snyk/v2.6.12/argocd-test.html b/docs/snyk/v2.6.13/argocd-test.html similarity index 98% rename from docs/snyk/v2.6.12/argocd-test.html rename to docs/snyk/v2.6.13/argocd-test.html index a0a754f473dca..8ca8e695cfdab 100644 --- a/docs/snyk/v2.6.12/argocd-test.html +++ b/docs/snyk/v2.6.13/argocd-test.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      July 9th 2023, 12:28:39 am (UTC+00:00)

      +

      July 30th 2023, 12:23:59 am (UTC+00:00)

      Scanned the following paths: @@ -609,10 +609,12 @@

      Details

      By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

      Remediation

      -

      Upgrade semver to version 7.5.2 or higher.

      +

      Upgrade semver to version 5.7.2, 6.3.1, 7.5.2 or higher.

      References

        +
      • GitHub Commit
      • GitHub Commit
      • +
      • GitHub Commit
      • GitHub PR
      • Vulnerable Code
      • Vulnerable Code
      • diff --git a/docs/snyk/v2.6.13/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.6.13/ghcr.io_dexidp_dex_v2.37.0.html new file mode 100644 index 0000000000000..0ec1df0924aea --- /dev/null +++ b/docs/snyk/v2.6.13/ghcr.io_dexidp_dex_v2.37.0.html @@ -0,0 +1,797 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
        +
        +
        +
        + + + Snyk - Open Source Security + + + + + + + +
        +

        Snyk test report

        + +

        July 30th 2023, 12:24:08 am (UTC+00:00)

        +
        +
        + Scanned the following paths: +
          +
        • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
        • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 (gomodules)
        • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
        • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
        • +
        +
        + +
        +
        2 known vulnerabilities
        +
        14 vulnerable dependency paths
        +
        786 dependencies
        +
        +
        +
        +
        + +
        +
        +
        +

        Improper Authentication

        +
        + +
        + medium severity +
        + +
        + +
          +
        • + Package Manager: alpine:3.18 +
        • +
        • + Vulnerable module: + + openssl/libcrypto3 +
        • + +
        • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + +
        • +
        + +
        + + +

        Detailed paths

        + +
          +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        + +
        + +
        + +

        NVD Description

        +

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

        +

        Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

        +

        Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

        +

        The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

        +

        As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

        +

        Remediation

        +

        Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

        +

        References

        + + +
        + + + +
        +
        +

        Inefficient Regular Expression Complexity

        +
        + +
        + medium severity +
        + +
        + +
          +
        • + Package Manager: alpine:3.18 +
        • +
        • + Vulnerable module: + + openssl/libcrypto3 +
        • + +
        • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + +
        • +
        + +
        + + +

        Detailed paths

        + +
          +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        + +
        + +
        + +

        NVD Description

        +

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

        +

        Issue summary: Checking excessively long DH keys or parameters may be very slow.

        +

        Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

        +

        The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

        +

        However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

        +

        An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

        +

        The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

        +

        Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

        +

        The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

        +

        Remediation

        +

        Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

        +

        References

        + + +
        + + + +
        +
        +
        +
        + + + diff --git a/docs/snyk/v2.6.13/haproxy_2.6.14-alpine.html b/docs/snyk/v2.6.13/haproxy_2.6.14-alpine.html new file mode 100644 index 0000000000000..592806d6857c4 --- /dev/null +++ b/docs/snyk/v2.6.13/haproxy_2.6.14-alpine.html @@ -0,0 +1,850 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
        +
        +
        +
        + + + Snyk - Open Source Security + + + + + + + +
        +

        Snyk test report

        + +

        July 30th 2023, 12:24:12 am (UTC+00:00)

        +
        +
        + Scanned the following path: +
          +
        • haproxy:2.6.14-alpine (apk)
        • +
        +
        + +
        +
        2 known vulnerabilities
        +
        18 vulnerable dependency paths
        +
        18 dependencies
        +
        +
        +
        +
        +
        + + + + + + + +
        Project docker-image|haproxy
        Path haproxy:2.6.14-alpine
        Package Manager apk
        +
        +
        +
        +
        +

        Improper Authentication

        +
        + +
        + medium severity +
        + +
        + +
          +
        • + Package Manager: alpine:3.18 +
        • +
        • + Vulnerable module: + + openssl/libcrypto3 +
        • + +
        • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.1-r1 + +
        • +
        + +
        + + +

        Detailed paths

        + +
          +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        + +
        + +
        + +

        NVD Description

        +

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

        +

        Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

        +

        Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

        +

        The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

        +

        As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

        +

        Remediation

        +

        Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

        +

        References

        + + +
        + + + +
        +
        +

        Inefficient Regular Expression Complexity

        +
        + +
        + medium severity +
        + +
        + +
          +
        • + Package Manager: alpine:3.18 +
        • +
        • + Vulnerable module: + + openssl/libcrypto3 +
        • + +
        • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.1-r1 + +
        • +
        + +
        + + +

        Detailed paths

        + +
          +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        + +
        + +
        + +

        NVD Description

        +

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

        +

        Issue summary: Checking excessively long DH keys or parameters may be very slow.

        +

        Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

        +

        The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

        +

        However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

        +

        An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

        +

        The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

        +

        Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

        +

        The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

        +

        Remediation

        +

        Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

        +

        References

        + + +
        + + + +
        +
        +
        +
        + + + diff --git a/docs/snyk/v2.6.12/quay.io_argoproj_argocd_v2.6.12.html b/docs/snyk/v2.6.13/quay.io_argoproj_argocd_v2.6.13.html similarity index 91% rename from docs/snyk/v2.6.12/quay.io_argoproj_argocd_v2.6.12.html rename to docs/snyk/v2.6.13/quay.io_argoproj_argocd_v2.6.13.html index cc429f754e2fd..d9c61189ee298 100644 --- a/docs/snyk/v2.6.12/quay.io_argoproj_argocd_v2.6.12.html +++ b/docs/snyk/v2.6.13/quay.io_argoproj_argocd_v2.6.13.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,18 +456,18 @@

        Snyk test report

        -

        July 9th 2023, 12:30:05 am (UTC+00:00)

        +

        July 30th 2023, 12:24:42 am (UTC+00:00)

        Scanned the following paths:
          -
        • quay.io/argoproj/argocd:v2.6.12/argoproj/argocd (deb)
        • quay.io/argoproj/argocd:v2.6.12/argoproj/argo-cd/v2 (gomodules)
        • quay.io/argoproj/argocd:v2.6.12/kustomize/kustomize/v4 (gomodules)
        • quay.io/argoproj/argocd:v2.6.12/helm/v3 (gomodules)
        • quay.io/argoproj/argocd:v2.6.12/git-lfs/git-lfs (gomodules)
        • +
        • quay.io/argoproj/argocd:v2.6.13/argoproj/argocd (deb)
        • quay.io/argoproj/argocd:v2.6.13/argoproj/argo-cd/v2 (gomodules)
        • quay.io/argoproj/argocd:v2.6.13/kustomize/kustomize/v4 (gomodules)
        • quay.io/argoproj/argocd:v2.6.13/helm/v3 (gomodules)
        • quay.io/argoproj/argocd:v2.6.13/git-lfs/git-lfs (gomodules)
        -
        28 known vulnerabilities
        -
        104 vulnerable dependency paths
        +
        27 known vulnerabilities
        +
        111 vulnerable dependency paths
        2064 dependencies
      @@ -900,7 +900,7 @@

      Improper Validation of Integrity Check Value

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 and systemd/libsystemd0@249.11-0ubuntu3.9 + docker-image|quay.io/argoproj/argocd@v2.6.13 and systemd/libsystemd0@249.11-0ubuntu3.9
    @@ -913,7 +913,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 systemd/libsystemd0@249.11-0ubuntu3.9 @@ -922,7 +922,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 apt@2.4.9 @@ -933,7 +933,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 procps/libprocps8@2:3.3.17-6ubuntu2 @@ -944,7 +944,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 util-linux@2.37.2-4ubuntu3 @@ -955,7 +955,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 util-linux/bsdutils@1:2.37.2-4ubuntu3 @@ -966,7 +966,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 apt@2.4.9 @@ -979,7 +979,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 systemd/libudev1@249.11-0ubuntu3.9 @@ -988,7 +988,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 libfido2/libfido2-1@1.10.0-1 @@ -999,7 +999,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 util-linux@2.37.2-4ubuntu3 @@ -1010,7 +1010,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 apt@2.4.9 @@ -1070,7 +1070,7 @@

      Improper Validation of Integrity Check Value

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 and systemd/libsystemd0@249.11-0ubuntu3.9 + docker-image|quay.io/argoproj/argocd@v2.6.13 and systemd/libsystemd0@249.11-0ubuntu3.9
    @@ -1083,7 +1083,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 systemd/libsystemd0@249.11-0ubuntu3.9 @@ -1092,7 +1092,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 apt@2.4.9 @@ -1103,7 +1103,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 procps/libprocps8@2:3.3.17-6ubuntu2 @@ -1114,7 +1114,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 util-linux@2.37.2-4ubuntu3 @@ -1125,7 +1125,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 util-linux/bsdutils@1:2.37.2-4ubuntu3 @@ -1136,7 +1136,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 apt@2.4.9 @@ -1149,7 +1149,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 systemd/libudev1@249.11-0ubuntu3.9 @@ -1158,7 +1158,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 libfido2/libfido2-1@1.10.0-1 @@ -1169,7 +1169,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 util-linux@2.37.2-4ubuntu3 @@ -1180,7 +1180,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 apt@2.4.9 @@ -1240,7 +1240,7 @@

      Improper Validation of Integrity Check Value

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 and systemd/libsystemd0@249.11-0ubuntu3.9 + docker-image|quay.io/argoproj/argocd@v2.6.13 and systemd/libsystemd0@249.11-0ubuntu3.9
    @@ -1253,7 +1253,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 systemd/libsystemd0@249.11-0ubuntu3.9 @@ -1262,7 +1262,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 apt@2.4.9 @@ -1273,7 +1273,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 procps/libprocps8@2:3.3.17-6ubuntu2 @@ -1284,7 +1284,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 util-linux@2.37.2-4ubuntu3 @@ -1295,7 +1295,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 util-linux/bsdutils@1:2.37.2-4ubuntu3 @@ -1306,7 +1306,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 apt@2.4.9 @@ -1319,7 +1319,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 systemd/libudev1@249.11-0ubuntu3.9 @@ -1328,7 +1328,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 libfido2/libfido2-1@1.10.0-1 @@ -1339,7 +1339,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 util-linux@2.37.2-4ubuntu3 @@ -1350,7 +1350,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 apt@2.4.9 @@ -1387,6 +1387,86 @@

      References

      More about this vulnerability

    +
    +
    +

    CVE-2023-38408

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + openssh/openssh-client +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.6.13 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.13 + + openssh/openssh-client@1:8.9p1-3ubuntu0.1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 openssh to version 1:8.9p1-3ubuntu0.3 or higher.

    +

    References

    + + +
    + + +

    Improper Input Validation

    @@ -1633,7 +1713,7 @@

    CVE-2022-46908

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12, gnupg2/gpg@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.6.13, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
  • @@ -1645,7 +1725,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1704,7 +1784,7 @@

      Arbitrary Code Injection

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 and shadow/passwd@1:4.8.1-2ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.6.13 and shadow/passwd@1:4.8.1-2ubuntu2.1
    @@ -1717,7 +1797,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 shadow/passwd@1:4.8.1-2ubuntu2.1 @@ -1726,7 +1806,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 adduser@3.118ubuntu5 @@ -1737,7 +1817,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -1748,7 +1828,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 shadow/login@1:4.8.1-2ubuntu2.1 @@ -1805,7 +1885,7 @@

      Uncontrolled Recursion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.6.13 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -1818,7 +1898,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1827,7 +1907,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 grep@3.7-1build1 @@ -1889,7 +1969,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.6.13 and patch@2.7.6-7build2
    @@ -1902,7 +1982,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 patch@2.7.6-7build2 @@ -1956,7 +2036,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.6.13 and patch@2.7.6-7build2
    @@ -1969,7 +2049,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 patch@2.7.6-7build2 @@ -2007,7 +2087,7 @@

      References

    -

    Information Exposure

    +

    Improper Authentication

    @@ -2023,12 +2103,12 @@

    Information Exposure

  • Vulnerable module: - openssh/openssh-client + openssl/libssl3
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.6.13 and openssl/libssl3@3.0.2-0ubuntu1.10
  • @@ -2041,9 +2121,113 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.13 + + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.13 + + libfido2/libfido2-1@1.10.0-1 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.13 openssh/openssh-client@1:8.9p1-3ubuntu0.1 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.13 + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.10 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.13 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.11 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.13 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.3 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 + + krb5/libkrb5-3@1.19.2-2ubuntu0.2 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.13 + + openssl@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.13 + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.10 @@ -2055,28 +2239,42 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

      +

      Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

      +

      Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

      +

      The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

      +

      As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 openssh.

      +

      There is no fixed version for Ubuntu:22.04 openssl.

      References


    @@ -2102,7 +2300,7 @@

    CVE-2023-28531

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.6.13 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
  • @@ -2115,7 +2313,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2139,6 +2337,7 @@

      References

    • ADVISORY
    • cve@mitre.org
    • cve@mitre.org
    • +
    • cve@mitre.org

    @@ -2171,7 +2370,7 @@

    NULL Pointer Dereference

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.6.13, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others
  • @@ -2183,7 +2382,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2194,11 +2393,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.11 openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -2207,7 +2406,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -2232,6 +2431,12 @@

      References

    • secalert@redhat.com
    • secalert@redhat.com
    • secalert@redhat.com
    • +
    • secalert@redhat.com
    • +
    • secalert@redhat.com
    • +
    • secalert@redhat.com
    • +
    • secalert@redhat.com
    • +
    • secalert@redhat.com
    • +
    • secalert@redhat.com

    @@ -2264,7 +2469,7 @@

    Resource Exhaustion

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12, meta-common-packages@meta and others + docker-image|quay.io/argoproj/argocd@v2.6.13, meta-common-packages@meta and others
  • @@ -2276,7 +2481,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 meta-common-packages@meta @@ -2301,6 +2506,7 @@

      References


      @@ -2332,7 +2538,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 and krb5/libk5crypto3@1.19.2-2ubuntu0.2 + docker-image|quay.io/argoproj/argocd@v2.6.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.2
    @@ -2345,7 +2551,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 krb5/libk5crypto3@1.19.2-2ubuntu0.2 @@ -2354,7 +2560,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 adduser@3.118ubuntu5 @@ -2375,7 +2581,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 adduser@3.118ubuntu5 @@ -2398,7 +2604,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 krb5/libkrb5-3@1.19.2-2ubuntu0.2 @@ -2407,7 +2613,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 adduser@3.118ubuntu5 @@ -2428,7 +2634,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2437,7 +2643,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2448,11 +2654,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.11 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2461,11 +2667,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.11 libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 @@ -2476,7 +2682,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 adduser@3.118ubuntu5 @@ -2495,7 +2701,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 meta-common-packages@meta @@ -2554,7 +2760,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.6.13 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -2567,7 +2773,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2576,7 +2782,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 apt@2.4.9 @@ -2587,7 +2793,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2598,7 +2804,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2609,7 +2815,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2620,7 +2826,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2633,7 +2839,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2646,7 +2852,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2655,7 +2861,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2666,7 +2872,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2679,7 +2885,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -2688,7 +2894,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2699,7 +2905,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2708,7 +2914,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2719,7 +2925,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2728,7 +2934,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2739,7 +2945,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2752,7 +2958,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2765,7 +2971,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2774,7 +2980,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2785,7 +2991,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2798,7 +3004,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2811,7 +3017,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2820,7 +3026,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2831,7 +3037,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2840,7 +3046,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2851,7 +3057,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -2860,7 +3066,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2871,7 +3077,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2930,7 +3136,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.6.13 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -2943,7 +3149,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 glibc/libc-bin@2.35-0ubuntu3.1 @@ -2952,7 +3158,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 meta-common-packages@meta @@ -3011,7 +3217,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12, git@1:2.34.1-1ubuntu1.9 and others + docker-image|quay.io/argoproj/argocd@v2.6.13, git@1:2.34.1-1ubuntu1.9 and others
    @@ -3023,7 +3229,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 git@1:2.34.1-1ubuntu1.9 @@ -3034,7 +3240,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 git@1:2.34.1-1ubuntu1.9 @@ -3043,7 +3249,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 git-lfs@3.0.2-1ubuntu0.2 @@ -3077,150 +3283,6 @@

      References

      More about this vulnerability

    -
    -
    -

    CVE-2023-28322

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.6.12, git@1:2.34.1-1ubuntu1.9 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 curl.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.6.12, git@1:2.34.1-1ubuntu1.9 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with xn-- and should not be allowed to pattern match, but the wildcard check in curl could still check for x*, which would match even though the IDN name most likely contained nothing even resembling an x.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 curl.

    -

    References

    - - -
    - - -

    Improper Input Validation

    @@ -3244,7 +3306,7 @@

    Improper Input Validation

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.6.13 and coreutils@8.32-4.1ubuntu1
  • @@ -3257,7 +3319,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 coreutils@8.32-4.1ubuntu1 @@ -3314,7 +3376,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.6.13 and bash@5.1-6ubuntu1
    @@ -3327,7 +3389,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.12 + docker-image|quay.io/argoproj/argocd@v2.6.13 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.6.13/redis_7.0.11-alpine.html b/docs/snyk/v2.6.13/redis_7.0.11-alpine.html new file mode 100644 index 0000000000000..1d38a1128301a --- /dev/null +++ b/docs/snyk/v2.6.13/redis_7.0.11-alpine.html @@ -0,0 +1,850 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
      +
      +
      +
      + + + Snyk - Open Source Security + + + + + + + +
      +

      Snyk test report

      + +

      July 30th 2023, 12:24:50 am (UTC+00:00)

      +
      +
      + Scanned the following path: +
        +
      • redis:7.0.11-alpine (apk)
      • +
      +
      + +
      +
      2 known vulnerabilities
      +
      18 vulnerable dependency paths
      +
      18 dependencies
      +
      +
      +
      +
      +
      + + + + + + + +
      Project docker-image|redis
      Path redis:7.0.11-alpine
      Package Manager apk
      +
      +
      +
      +
      +

      Improper Authentication

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Package Manager: alpine:3.18 +
      • +
      • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
      • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
      • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      + +
      + +
      + +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

      +

      Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

      +

      The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

      +

      As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

      +

      Remediation

      +

      Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

      +

      References

      + + +
      + + + +
      +
      +

      Inefficient Regular Expression Complexity

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Package Manager: alpine:3.18 +
      • +
      • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
      • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
      • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      + +
      + +
      + +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

      +

      The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

      +

      However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

      +

      An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

      +

      The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

      +

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      +

      Remediation

      +

      Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

      +

      References

      + + +
      + + + +
      +
      +
      +
      + + + diff --git a/docs/snyk/v2.7.7/haproxy_2.6.14-alpine.html b/docs/snyk/v2.7.7/haproxy_2.6.14-alpine.html deleted file mode 100644 index 1345240936aa0..0000000000000 --- a/docs/snyk/v2.7.7/haproxy_2.6.14-alpine.html +++ /dev/null @@ -1,492 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      July 9th 2023, 12:25:05 am (UTC+00:00)

      -
      -
      - Scanned the following path: -
        -
      • haproxy:2.6.14-alpine (apk)
      • -
      -
      - -
      -
      0 known vulnerabilities
      -
      0 vulnerable dependency paths
      -
      18 dependencies
      -
      -
      -
      -
      -
      - - - - - - - -
      Project docker-image|haproxy
      Path haproxy:2.6.14-alpine
      Package Manager apk
      -
      -
      - No known vulnerabilities detected. -
      -
      - - - diff --git a/docs/snyk/v2.7.7/redis_7.0.11-alpine.html b/docs/snyk/v2.7.7/redis_7.0.11-alpine.html deleted file mode 100644 index af32078a9160b..0000000000000 --- a/docs/snyk/v2.7.7/redis_7.0.11-alpine.html +++ /dev/null @@ -1,492 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      July 9th 2023, 12:26:32 am (UTC+00:00)

      -
      -
      - Scanned the following path: -
        -
      • redis:7.0.11-alpine (apk)
      • -
      -
      - -
      -
      0 known vulnerabilities
      -
      0 vulnerable dependency paths
      -
      18 dependencies
      -
      -
      -
      -
      -
      - - - - - - - -
      Project docker-image|redis
      Path redis:7.0.11-alpine
      Package Manager apk
      -
      -
      - No known vulnerabilities detected. -
      -
      - - - diff --git a/docs/snyk/v2.7.7/argocd-iac-install.html b/docs/snyk/v2.7.9/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.7.7/argocd-iac-install.html rename to docs/snyk/v2.7.9/argocd-iac-install.html index 4e2362297bc40..6112822b58ecf 100644 --- a/docs/snyk/v2.7.7/argocd-iac-install.html +++ b/docs/snyk/v2.7.9/argocd-iac-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      July 9th 2023, 12:28:09 am (UTC+00:00)

      +

      July 30th 2023, 12:23:31 am (UTC+00:00)

      Scanned the following path: diff --git a/docs/snyk/v2.7.7/argocd-iac-namespace-install.html b/docs/snyk/v2.7.9/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.7.7/argocd-iac-namespace-install.html rename to docs/snyk/v2.7.9/argocd-iac-namespace-install.html index 4b29fa86b708d..48df22bad2974 100644 --- a/docs/snyk/v2.7.7/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.7.9/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      July 9th 2023, 12:28:22 am (UTC+00:00)

      +

      July 30th 2023, 12:23:45 am (UTC+00:00)

      Scanned the following path: diff --git a/docs/snyk/v2.7.7/argocd-test.html b/docs/snyk/v2.7.9/argocd-test.html similarity index 98% rename from docs/snyk/v2.7.7/argocd-test.html rename to docs/snyk/v2.7.9/argocd-test.html index 2c6423ddd2fff..dcab0ce095774 100644 --- a/docs/snyk/v2.7.7/argocd-test.html +++ b/docs/snyk/v2.7.9/argocd-test.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      July 9th 2023, 12:24:52 am (UTC+00:00)

      +

      July 30th 2023, 12:21:29 am (UTC+00:00)

      Scanned the following paths: @@ -609,10 +609,12 @@

      Details

      By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

      Remediation

      -

      Upgrade semver to version 7.5.2 or higher.

      +

      Upgrade semver to version 5.7.2, 6.3.1, 7.5.2 or higher.

      References

        +
      • GitHub Commit
      • GitHub Commit
      • +
      • GitHub Commit
      • GitHub PR
      • Vulnerable Code
      • Vulnerable Code
      • diff --git a/docs/snyk/v2.7.9/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.7.9/ghcr.io_dexidp_dex_v2.37.0.html new file mode 100644 index 0000000000000..59838a933e9d6 --- /dev/null +++ b/docs/snyk/v2.7.9/ghcr.io_dexidp_dex_v2.37.0.html @@ -0,0 +1,797 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
        +
        +
        +
        + + + Snyk - Open Source Security + + + + + + + +
        +

        Snyk test report

        + +

        July 30th 2023, 12:21:36 am (UTC+00:00)

        +
        +
        + Scanned the following paths: +
          +
        • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
        • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 (gomodules)
        • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
        • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
        • +
        +
        + +
        +
        2 known vulnerabilities
        +
        14 vulnerable dependency paths
        +
        786 dependencies
        +
        +
        +
        +
        + +
        +
        +
        +

        Improper Authentication

        +
        + +
        + medium severity +
        + +
        + +
          +
        • + Package Manager: alpine:3.18 +
        • +
        • + Vulnerable module: + + openssl/libcrypto3 +
        • + +
        • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + +
        • +
        + +
        + + +

        Detailed paths

        + +
          +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        + +
        + +
        + +

        NVD Description

        +

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

        +

        Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

        +

        Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

        +

        The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

        +

        As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

        +

        Remediation

        +

        Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

        +

        References

        + + +
        + + + +
        +
        +

        Inefficient Regular Expression Complexity

        +
        + +
        + medium severity +
        + +
        + +
          +
        • + Package Manager: alpine:3.18 +
        • +
        • + Vulnerable module: + + openssl/libcrypto3 +
        • + +
        • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + +
        • +
        + +
        + + +

        Detailed paths

        + +
          +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        + +
        + +
        + +

        NVD Description

        +

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

        +

        Issue summary: Checking excessively long DH keys or parameters may be very slow.

        +

        Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

        +

        The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

        +

        However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

        +

        An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

        +

        The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

        +

        Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

        +

        The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

        +

        Remediation

        +

        Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

        +

        References

        + + +
        + + + +
        +
        +
        +
        + + + diff --git a/docs/snyk/v2.7.9/haproxy_2.6.14-alpine.html b/docs/snyk/v2.7.9/haproxy_2.6.14-alpine.html new file mode 100644 index 0000000000000..9e0ec604811ae --- /dev/null +++ b/docs/snyk/v2.7.9/haproxy_2.6.14-alpine.html @@ -0,0 +1,850 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
        +
        +
        +
        + + + Snyk - Open Source Security + + + + + + + +
        +

        Snyk test report

        + +

        July 30th 2023, 12:21:41 am (UTC+00:00)

        +
        +
        + Scanned the following path: +
          +
        • haproxy:2.6.14-alpine (apk)
        • +
        +
        + +
        +
        2 known vulnerabilities
        +
        18 vulnerable dependency paths
        +
        18 dependencies
        +
        +
        +
        +
        +
        + + + + + + + +
        Project docker-image|haproxy
        Path haproxy:2.6.14-alpine
        Package Manager apk
        +
        +
        +
        +
        +

        Improper Authentication

        +
        + +
        + medium severity +
        + +
        + +
          +
        • + Package Manager: alpine:3.18 +
        • +
        • + Vulnerable module: + + openssl/libcrypto3 +
        • + +
        • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.1-r1 + +
        • +
        + +
        + + +

        Detailed paths

        + +
          +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        + +
        + +
        + +

        NVD Description

        +

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

        +

        Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

        +

        Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

        +

        The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

        +

        As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

        +

        Remediation

        +

        Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

        +

        References

        + + +
        + + + +
        +
        +

        Inefficient Regular Expression Complexity

        +
        + +
        + medium severity +
        + +
        + +
          +
        • + Package Manager: alpine:3.18 +
        • +
        • + Vulnerable module: + + openssl/libcrypto3 +
        • + +
        • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.1-r1 + +
        • +
        + +
        + + +

        Detailed paths

        + +
          +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
        • +
        + +
        + +
        + +

        NVD Description

        +

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

        +

        Issue summary: Checking excessively long DH keys or parameters may be very slow.

        +

        Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

        +

        The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

        +

        However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

        +

        An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

        +

        The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

        +

        Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

        +

        The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

        +

        Remediation

        +

        Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

        +

        References

        + + +
        + + + +
        +
        +
        +
        + + + diff --git a/docs/snyk/v2.7.7/quay.io_argoproj_argocd_v2.7.7.html b/docs/snyk/v2.7.9/quay.io_argoproj_argocd_v2.7.9.html similarity index 90% rename from docs/snyk/v2.7.7/quay.io_argoproj_argocd_v2.7.7.html rename to docs/snyk/v2.7.9/quay.io_argoproj_argocd_v2.7.9.html index 7d94f50a4ec52..e41d9a5bfa611 100644 --- a/docs/snyk/v2.7.7/quay.io_argoproj_argocd_v2.7.7.html +++ b/docs/snyk/v2.7.9/quay.io_argoproj_argocd_v2.7.9.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,18 +456,18 @@

        Snyk test report

        -

        July 9th 2023, 12:26:27 am (UTC+00:00)

        +

        July 30th 2023, 12:22:03 am (UTC+00:00)

        Scanned the following paths:
          -
        • quay.io/argoproj/argocd:v2.7.7/argoproj/argocd (deb)
        • quay.io/argoproj/argocd:v2.7.7/argoproj/argo-cd/v2 (gomodules)
        • quay.io/argoproj/argocd:v2.7.7/kustomize/kustomize/v5 (gomodules)
        • quay.io/argoproj/argocd:v2.7.7/helm/v3 (gomodules)
        • quay.io/argoproj/argocd:v2.7.7/git-lfs/git-lfs (gomodules)
        • +
        • quay.io/argoproj/argocd:v2.7.9/argoproj/argocd (deb)
        • quay.io/argoproj/argocd:v2.7.9/argoproj/argo-cd/v2 (gomodules)
        • quay.io/argoproj/argocd:v2.7.9/kustomize/kustomize/v5 (gomodules)
        • quay.io/argoproj/argocd:v2.7.9/helm/v3 (gomodules)
        • quay.io/argoproj/argocd:v2.7.9/git-lfs/git-lfs (gomodules)
        -
        22 known vulnerabilities
        -
        96 vulnerable dependency paths
        +
        21 known vulnerabilities
        +
        103 vulnerable dependency paths
        2066 dependencies
      @@ -657,7 +657,7 @@

      Improper Validation of Integrity Check Value

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 and systemd/libsystemd0@249.11-0ubuntu3.9 + docker-image|quay.io/argoproj/argocd@v2.7.9 and systemd/libsystemd0@249.11-0ubuntu3.9
    @@ -670,7 +670,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 systemd/libsystemd0@249.11-0ubuntu3.9 @@ -679,7 +679,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 apt@2.4.9 @@ -690,7 +690,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 procps/libprocps8@2:3.3.17-6ubuntu2 @@ -701,7 +701,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 util-linux@2.37.2-4ubuntu3 @@ -712,7 +712,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 util-linux/bsdutils@1:2.37.2-4ubuntu3 @@ -723,7 +723,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 apt@2.4.9 @@ -736,7 +736,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 systemd/libudev1@249.11-0ubuntu3.9 @@ -745,7 +745,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 libfido2/libfido2-1@1.10.0-1 @@ -756,7 +756,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 util-linux@2.37.2-4ubuntu3 @@ -767,7 +767,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 apt@2.4.9 @@ -827,7 +827,7 @@

      Improper Validation of Integrity Check Value

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 and systemd/libsystemd0@249.11-0ubuntu3.9 + docker-image|quay.io/argoproj/argocd@v2.7.9 and systemd/libsystemd0@249.11-0ubuntu3.9
    @@ -840,7 +840,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 systemd/libsystemd0@249.11-0ubuntu3.9 @@ -849,7 +849,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 apt@2.4.9 @@ -860,7 +860,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 procps/libprocps8@2:3.3.17-6ubuntu2 @@ -871,7 +871,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 util-linux@2.37.2-4ubuntu3 @@ -882,7 +882,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 util-linux/bsdutils@1:2.37.2-4ubuntu3 @@ -893,7 +893,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 apt@2.4.9 @@ -906,7 +906,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 systemd/libudev1@249.11-0ubuntu3.9 @@ -915,7 +915,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 libfido2/libfido2-1@1.10.0-1 @@ -926,7 +926,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 util-linux@2.37.2-4ubuntu3 @@ -937,7 +937,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 apt@2.4.9 @@ -997,7 +997,7 @@

      Improper Validation of Integrity Check Value

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 and systemd/libsystemd0@249.11-0ubuntu3.9 + docker-image|quay.io/argoproj/argocd@v2.7.9 and systemd/libsystemd0@249.11-0ubuntu3.9
    @@ -1010,7 +1010,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 systemd/libsystemd0@249.11-0ubuntu3.9 @@ -1019,7 +1019,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 apt@2.4.9 @@ -1030,7 +1030,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 procps/libprocps8@2:3.3.17-6ubuntu2 @@ -1041,7 +1041,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 util-linux@2.37.2-4ubuntu3 @@ -1052,7 +1052,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 util-linux/bsdutils@1:2.37.2-4ubuntu3 @@ -1063,7 +1063,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 apt@2.4.9 @@ -1076,7 +1076,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 systemd/libudev1@249.11-0ubuntu3.9 @@ -1085,7 +1085,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 libfido2/libfido2-1@1.10.0-1 @@ -1096,7 +1096,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 util-linux@2.37.2-4ubuntu3 @@ -1107,7 +1107,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 apt@2.4.9 @@ -1144,6 +1144,86 @@

      References

      More about this vulnerability

    +
    +
    +

    CVE-2023-38408

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + openssh/openssh-client +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.9 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.9 + + openssh/openssh-client@1:8.9p1-3ubuntu0.1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 openssh to version 1:8.9p1-3ubuntu0.3 or higher.

    +

    References

    + + +
    + + +

    CVE-2022-46908

    @@ -1168,7 +1248,7 @@

    CVE-2022-46908

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7, gnupg2/gpg@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.7.9, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
  • @@ -1180,7 +1260,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1239,7 +1319,7 @@

      Arbitrary Code Injection

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 and shadow/passwd@1:4.8.1-2ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.7.9 and shadow/passwd@1:4.8.1-2ubuntu2.1
    @@ -1252,7 +1332,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 shadow/passwd@1:4.8.1-2ubuntu2.1 @@ -1261,7 +1341,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 adduser@3.118ubuntu5 @@ -1272,7 +1352,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -1283,7 +1363,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 shadow/login@1:4.8.1-2ubuntu2.1 @@ -1340,7 +1420,7 @@

      Uncontrolled Recursion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.7.9 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -1353,7 +1433,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1362,7 +1442,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 grep@3.7-1build1 @@ -1424,7 +1504,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.7.9 and patch@2.7.6-7build2
    @@ -1437,7 +1517,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 patch@2.7.6-7build2 @@ -1491,7 +1571,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.7.9 and patch@2.7.6-7build2
    @@ -1504,7 +1584,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 patch@2.7.6-7build2 @@ -1542,7 +1622,7 @@

      References

    -

    Information Exposure

    +

    Improper Authentication

    @@ -1558,12 +1638,12 @@

    Information Exposure

  • Vulnerable module: - openssh/openssh-client + openssl/libssl3
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.7.9 and openssl/libssl3@3.0.2-0ubuntu1.10
  • @@ -1576,9 +1656,113 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.9 + + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.9 + + libfido2/libfido2-1@1.10.0-1 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.9 openssh/openssh-client@1:8.9p1-3ubuntu0.1 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.9 + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.10 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.9 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.9 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.3 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 + + krb5/libkrb5-3@1.19.2-2ubuntu0.2 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.9 + + openssl@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.9 + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.10 @@ -1590,28 +1774,42 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

      +

      Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

      +

      Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

      +

      The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

      +

      As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 openssh.

      +

      There is no fixed version for Ubuntu:22.04 openssl.

      References


    @@ -1637,7 +1835,7 @@

    CVE-2023-28531

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.7.9 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
  • @@ -1650,7 +1848,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -1674,6 +1872,7 @@

      References

    • ADVISORY
    • cve@mitre.org
    • cve@mitre.org
    • +
    • cve@mitre.org

    @@ -1706,7 +1905,7 @@

    NULL Pointer Dereference

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.7.9, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others
  • @@ -1718,7 +1917,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -1729,11 +1928,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -1742,7 +1941,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -1767,6 +1966,12 @@

      References

    • secalert@redhat.com
    • secalert@redhat.com
    • secalert@redhat.com
    • +
    • secalert@redhat.com
    • +
    • secalert@redhat.com
    • +
    • secalert@redhat.com
    • +
    • secalert@redhat.com
    • +
    • secalert@redhat.com
    • +
    • secalert@redhat.com

    @@ -1799,7 +2004,7 @@

    Resource Exhaustion

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7, meta-common-packages@meta and others + docker-image|quay.io/argoproj/argocd@v2.7.9, meta-common-packages@meta and others
  • @@ -1811,7 +2016,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 meta-common-packages@meta @@ -1836,6 +2041,7 @@

      References


      @@ -1867,7 +2073,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 and krb5/libk5crypto3@1.19.2-2ubuntu0.2 + docker-image|quay.io/argoproj/argocd@v2.7.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.2
    @@ -1880,7 +2086,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 krb5/libk5crypto3@1.19.2-2ubuntu0.2 @@ -1889,7 +2095,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 adduser@3.118ubuntu5 @@ -1910,7 +2116,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 adduser@3.118ubuntu5 @@ -1933,7 +2139,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 krb5/libkrb5-3@1.19.2-2ubuntu0.2 @@ -1942,7 +2148,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 adduser@3.118ubuntu5 @@ -1963,7 +2169,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -1972,7 +2178,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -1983,11 +2189,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -1996,11 +2202,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 @@ -2011,7 +2217,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 adduser@3.118ubuntu5 @@ -2030,7 +2236,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 meta-common-packages@meta @@ -2089,7 +2295,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.7.9 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -2102,7 +2308,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2111,7 +2317,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 apt@2.4.9 @@ -2122,7 +2328,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2133,7 +2339,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2144,7 +2350,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2155,7 +2361,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2168,7 +2374,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2181,7 +2387,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2190,7 +2396,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2201,7 +2407,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2214,7 +2420,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -2223,7 +2429,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2234,7 +2440,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2243,7 +2449,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2254,7 +2460,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2263,7 +2469,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2274,7 +2480,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2287,7 +2493,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2300,7 +2506,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2309,7 +2515,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2320,7 +2526,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2333,7 +2539,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2346,7 +2552,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2355,7 +2561,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2366,7 +2572,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2375,7 +2581,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2386,7 +2592,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -2395,7 +2601,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2406,7 +2612,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2465,7 +2671,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.7.9 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -2478,7 +2684,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 glibc/libc-bin@2.35-0ubuntu3.1 @@ -2487,7 +2693,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 meta-common-packages@meta @@ -2546,7 +2752,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7, git@1:2.34.1-1ubuntu1.9 and others + docker-image|quay.io/argoproj/argocd@v2.7.9, git@1:2.34.1-1ubuntu1.9 and others
    @@ -2558,7 +2764,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 git@1:2.34.1-1ubuntu1.9 @@ -2569,7 +2775,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 git@1:2.34.1-1ubuntu1.9 @@ -2578,7 +2784,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 git-lfs@3.0.2-1ubuntu0.2 @@ -2612,150 +2818,6 @@

      References

      More about this vulnerability

    -
    -
    -

    CVE-2023-28322

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.7.7, git@1:2.34.1-1ubuntu1.9 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 curl.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.7.7, git@1:2.34.1-1ubuntu1.9 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with xn-- and should not be allowed to pattern match, but the wildcard check in curl could still check for x*, which would match even though the IDN name most likely contained nothing even resembling an x.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 curl.

    -

    References

    - - -
    - - -

    Improper Input Validation

    @@ -2779,7 +2841,7 @@

    Improper Input Validation

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.7.9 and coreutils@8.32-4.1ubuntu1
  • @@ -2792,7 +2854,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 coreutils@8.32-4.1ubuntu1 @@ -2849,7 +2911,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.7.9 and bash@5.1-6ubuntu1
    @@ -2862,7 +2924,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.7 + docker-image|quay.io/argoproj/argocd@v2.7.9 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.7.9/redis_7.0.11-alpine.html b/docs/snyk/v2.7.9/redis_7.0.11-alpine.html new file mode 100644 index 0000000000000..2cfbf3c724cbf --- /dev/null +++ b/docs/snyk/v2.7.9/redis_7.0.11-alpine.html @@ -0,0 +1,850 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
      +
      +
      +
      + + + Snyk - Open Source Security + + + + + + + +
      +

      Snyk test report

      + +

      July 30th 2023, 12:22:08 am (UTC+00:00)

      +
      +
      + Scanned the following path: +
        +
      • redis:7.0.11-alpine (apk)
      • +
      +
      + +
      +
      2 known vulnerabilities
      +
      18 vulnerable dependency paths
      +
      18 dependencies
      +
      +
      +
      +
      +
      + + + + + + + +
      Project docker-image|redis
      Path redis:7.0.11-alpine
      Package Manager apk
      +
      +
      +
      +
      +

      Improper Authentication

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Package Manager: alpine:3.18 +
      • +
      • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
      • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
      • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      + +
      + +
      + +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

      +

      Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

      +

      The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

      +

      As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

      +

      Remediation

      +

      Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

      +

      References

      + + +
      + + + +
      +
      +

      Inefficient Regular Expression Complexity

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Package Manager: alpine:3.18 +
      • +
      • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
      • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
      • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      + +
      + +
      + +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

      +

      The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

      +

      However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

      +

      An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

      +

      The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

      +

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      +

      Remediation

      +

      Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

      +

      References

      + + +
      + + + +
      +
      +
      +
      + + + diff --git a/docs/snyk/v2.8.0-rc2/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.8.0-rc2/ghcr.io_dexidp_dex_v2.37.0.html deleted file mode 100644 index f563be4c1dbf5..0000000000000 --- a/docs/snyk/v2.8.0-rc2/ghcr.io_dexidp_dex_v2.37.0.html +++ /dev/null @@ -1,483 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      July 9th 2023, 12:21:56 am (UTC+00:00)

      -
      -
      - Scanned the following paths: -
        -
      • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
      • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 (gomodules)
      • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
      • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
      • -
      -
      - -
      -
      0 known vulnerabilities
      -
      0 vulnerable dependency paths
      -
      786 dependencies
      -
      -
      -
      -
      - -
      - No known vulnerabilities detected. -
      -
      - - - diff --git a/docs/snyk/v2.8.0-rc2/haproxy_2.6.14-alpine.html b/docs/snyk/v2.8.0-rc2/haproxy_2.6.14-alpine.html deleted file mode 100644 index 08faa4d358f3a..0000000000000 --- a/docs/snyk/v2.8.0-rc2/haproxy_2.6.14-alpine.html +++ /dev/null @@ -1,492 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      July 9th 2023, 12:22:00 am (UTC+00:00)

      -
      -
      - Scanned the following path: -
        -
      • haproxy:2.6.14-alpine (apk)
      • -
      -
      - -
      -
      0 known vulnerabilities
      -
      0 vulnerable dependency paths
      -
      18 dependencies
      -
      -
      -
      -
      -
      - - - - - - - -
      Project docker-image|haproxy
      Path haproxy:2.6.14-alpine
      Package Manager apk
      -
      -
      - No known vulnerabilities detected. -
      -
      - - - diff --git a/docs/snyk/v2.8.0-rc2/redis_7.0.11-alpine.html b/docs/snyk/v2.8.0-rc2/redis_7.0.11-alpine.html deleted file mode 100644 index 6252a53e5bebf..0000000000000 --- a/docs/snyk/v2.8.0-rc2/redis_7.0.11-alpine.html +++ /dev/null @@ -1,492 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      July 9th 2023, 12:22:28 am (UTC+00:00)

      -
      -
      - Scanned the following path: -
        -
      • redis:7.0.11-alpine (apk)
      • -
      -
      - -
      -
      0 known vulnerabilities
      -
      0 vulnerable dependency paths
      -
      18 dependencies
      -
      -
      -
      -
      -
      - - - - - - - -
      Project docker-image|redis
      Path redis:7.0.11-alpine
      Package Manager apk
      -
      -
      - No known vulnerabilities detected. -
      -
      - - - diff --git a/docs/snyk/v2.8.0-rc2/argocd-iac-install.html b/docs/snyk/v2.8.0-rc6/argocd-iac-install.html similarity index 98% rename from docs/snyk/v2.8.0-rc2/argocd-iac-install.html rename to docs/snyk/v2.8.0-rc6/argocd-iac-install.html index 37e7c7ae3112a..4bacacfe433d6 100644 --- a/docs/snyk/v2.8.0-rc2/argocd-iac-install.html +++ b/docs/snyk/v2.8.0-rc6/argocd-iac-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      July 9th 2023, 12:24:16 am (UTC+00:00)

      +

      July 30th 2023, 12:20:56 am (UTC+00:00)

      Scanned the following path: @@ -507,7 +507,7 @@

      Role with dangerous permissions

    • - Line number: 18418 + Line number: 18466
    @@ -553,7 +553,7 @@

    Role with dangerous permissions

  • - Line number: 18495 + Line number: 18543
  • @@ -599,7 +599,7 @@

    Role with dangerous permissions

  • - Line number: 18523 + Line number: 18571
  • @@ -645,7 +645,7 @@

    Role with dangerous permissions

  • - Line number: 18571 + Line number: 18619
  • @@ -691,7 +691,7 @@

    Role with dangerous permissions

  • - Line number: 18553 + Line number: 18601
  • @@ -737,7 +737,7 @@

    Role with dangerous permissions

  • - Line number: 18587 + Line number: 18635
  • @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 19671 + Line number: 19725
  • @@ -847,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 19058 + Line number: 19106
  • @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 19279 + Line number: 19333
  • @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 19245 + Line number: 19299
  • @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 19339 + Line number: 19393
  • @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 19426 + Line number: 19480
  • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 19671 + Line number: 19725
  • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 19483 + Line number: 19537
  • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 19756 + Line number: 19810
  • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 20072 + Line number: 20126
  • @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 19259 + Line number: 19313
  • @@ -1415,7 +1415,7 @@

    Container is running without liveness probe

  • - Line number: 19058 + Line number: 19106
  • @@ -1467,7 +1467,7 @@

    Container is running without liveness probe

  • - Line number: 19245 + Line number: 19299
  • @@ -1519,7 +1519,7 @@

    Container is running without liveness probe

  • - Line number: 19279 + Line number: 19333
  • @@ -1571,7 +1571,7 @@

    Container is running without liveness probe

  • - Line number: 19426 + Line number: 19480
  • @@ -1623,7 +1623,7 @@

    Container is running without liveness probe

  • - Line number: 19671 + Line number: 19725
  • @@ -1681,7 +1681,7 @@

    Container is running without memory limit

  • - Line number: 19058 + Line number: 19106
  • @@ -1739,7 +1739,7 @@

    Container is running without memory limit

  • - Line number: 19245 + Line number: 19299
  • @@ -1797,7 +1797,7 @@

    Container is running without memory limit

  • - Line number: 19279 + Line number: 19333
  • @@ -1855,7 +1855,7 @@

    Container is running without memory limit

  • - Line number: 19339 + Line number: 19393
  • @@ -1913,7 +1913,7 @@

    Container is running without memory limit

  • - Line number: 19426 + Line number: 19480
  • @@ -1971,7 +1971,7 @@

    Container is running without memory limit

  • - Line number: 19671 + Line number: 19725
  • @@ -2029,7 +2029,7 @@

    Container is running without memory limit

  • - Line number: 19483 + Line number: 19537
  • @@ -2087,7 +2087,7 @@

    Container is running without memory limit

  • - Line number: 19756 + Line number: 19810
  • @@ -2145,7 +2145,7 @@

    Container is running without memory limit

  • - Line number: 20072 + Line number: 20126
  • @@ -2201,7 +2201,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19169 + Line number: 19223
  • @@ -2257,7 +2257,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19287 + Line number: 19341
  • @@ -2313,7 +2313,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19262 + Line number: 19316
  • @@ -2369,7 +2369,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19360 + Line number: 19414
  • @@ -2425,7 +2425,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19436 + Line number: 19490
  • @@ -2481,7 +2481,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19678 + Line number: 19732
  • @@ -2537,7 +2537,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19644 + Line number: 19698
  • @@ -2593,7 +2593,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19982 + Line number: 20036
  • @@ -2649,7 +2649,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 20220 + Line number: 20274
  • diff --git a/docs/snyk/v2.8.0-rc2/argocd-iac-namespace-install.html b/docs/snyk/v2.8.0-rc6/argocd-iac-namespace-install.html similarity index 98% rename from docs/snyk/v2.8.0-rc2/argocd-iac-namespace-install.html rename to docs/snyk/v2.8.0-rc6/argocd-iac-namespace-install.html index 47cd7fe47ef63..84c2735804224 100644 --- a/docs/snyk/v2.8.0-rc2/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.8.0-rc6/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 9th 2023, 12:24:30 am (UTC+00:00)

    +

    July 30th 2023, 12:21:07 am (UTC+00:00)

    Scanned the following path: @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 1237 + Line number: 1243
  • @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 845 + Line number: 851
  • @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 811 + Line number: 817
  • @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 905 + Line number: 911
  • @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 992 + Line number: 998
  • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 1237 + Line number: 1243
  • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 1049 + Line number: 1055
  • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 1322 + Line number: 1328
  • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 1638 + Line number: 1644
  • @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 825 + Line number: 831
  • @@ -1467,7 +1467,7 @@

    Container is running without liveness probe

  • - Line number: 811 + Line number: 817
  • @@ -1519,7 +1519,7 @@

    Container is running without liveness probe

  • - Line number: 845 + Line number: 851
  • @@ -1571,7 +1571,7 @@

    Container is running without liveness probe

  • - Line number: 992 + Line number: 998
  • @@ -1623,7 +1623,7 @@

    Container is running without liveness probe

  • - Line number: 1237 + Line number: 1243
  • @@ -1739,7 +1739,7 @@

    Container is running without memory limit

  • - Line number: 811 + Line number: 817
  • @@ -1797,7 +1797,7 @@

    Container is running without memory limit

  • - Line number: 845 + Line number: 851
  • @@ -1855,7 +1855,7 @@

    Container is running without memory limit

  • - Line number: 905 + Line number: 911
  • @@ -1913,7 +1913,7 @@

    Container is running without memory limit

  • - Line number: 992 + Line number: 998
  • @@ -1971,7 +1971,7 @@

    Container is running without memory limit

  • - Line number: 1237 + Line number: 1243
  • @@ -2029,7 +2029,7 @@

    Container is running without memory limit

  • - Line number: 1049 + Line number: 1055
  • @@ -2087,7 +2087,7 @@

    Container is running without memory limit

  • - Line number: 1322 + Line number: 1328
  • @@ -2145,7 +2145,7 @@

    Container is running without memory limit

  • - Line number: 1638 + Line number: 1644
  • @@ -2201,7 +2201,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 735 + Line number: 741
  • @@ -2257,7 +2257,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 853 + Line number: 859
  • @@ -2313,7 +2313,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 828 + Line number: 834
  • @@ -2369,7 +2369,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 926 + Line number: 932
  • @@ -2425,7 +2425,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1002 + Line number: 1008
  • @@ -2481,7 +2481,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1244 + Line number: 1250
  • @@ -2537,7 +2537,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1210 + Line number: 1216
  • @@ -2593,7 +2593,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1548 + Line number: 1554
  • @@ -2649,7 +2649,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1786 + Line number: 1792
  • diff --git a/docs/snyk/v2.7.7/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.8.0-rc6/argocd-test.html similarity index 70% rename from docs/snyk/v2.7.7/ghcr.io_dexidp_dex_v2.37.0.html rename to docs/snyk/v2.8.0-rc6/argocd-test.html index 45783f437da31..89e38498619bc 100644 --- a/docs/snyk/v2.7.7/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.8.0-rc6/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,26 +456,109 @@

    Snyk test report

    -

    July 9th 2023, 12:25:00 am (UTC+00:00)

    +

    July 30th 2023, 12:18:41 am (UTC+00:00)

    Scanned the following paths:
      -
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
    • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 (gomodules)
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
    • +
    • /argo-cd/argoproj/argo-cd/v2 (gomodules)
    • /argo-cd (yarn)
    -
    0 known vulnerabilities
    -
    0 vulnerable dependency paths
    -
    786 dependencies
    +
    1 known vulnerabilities
    +
    1 vulnerable dependency paths
    +
    1804 dependencies

    - No known vulnerabilities detected. +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + nhooyr.io/websocket +
    • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + nhooyr.io/websocket@1.8.6 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    nhooyr.io/websocket is a minimal and idiomatic WebSocket library for Go.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS). A double channel close panic is possible if a peer sent back multiple pongs for every ping. + If the second pong arrived before the ping goroutine deleted its channel from the map, the channel would be closed twice and a panic would + occur.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +
    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
    • +
    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
    • +
    +

    Remediation

    +

    Upgrade nhooyr.io/websocket to version 1.8.7 or higher.

    +

    References

    + + +
    + + + +
    +
    diff --git a/docs/snyk/v2.8.0-rc6/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.8.0-rc6/ghcr.io_dexidp_dex_v2.37.0.html new file mode 100644 index 0000000000000..d8c42b34ca2fc --- /dev/null +++ b/docs/snyk/v2.8.0-rc6/ghcr.io_dexidp_dex_v2.37.0.html @@ -0,0 +1,797 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    July 30th 2023, 12:18:49 am (UTC+00:00)

    +
    +
    + Scanned the following paths: +
      +
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
    • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 (gomodules)
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
    • +
    +
    + +
    +
    2 known vulnerabilities
    +
    14 vulnerable dependency paths
    +
    786 dependencies
    +
    +
    +
    +
    + +
    +
    +
    +

    Improper Authentication

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

    +

    Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

    +

    The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

    +

    As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Inefficient Regular Expression Complexity

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

    +

    However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    +

    References

    + + +
    + + + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.8.0-rc6/haproxy_2.6.14-alpine.html b/docs/snyk/v2.8.0-rc6/haproxy_2.6.14-alpine.html new file mode 100644 index 0000000000000..74514529f4f25 --- /dev/null +++ b/docs/snyk/v2.8.0-rc6/haproxy_2.6.14-alpine.html @@ -0,0 +1,850 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    July 30th 2023, 12:18:54 am (UTC+00:00)

    +
    +
    + Scanned the following path: +
      +
    • haproxy:2.6.14-alpine (apk)
    • +
    +
    + +
    +
    2 known vulnerabilities
    +
    18 vulnerable dependency paths
    +
    18 dependencies
    +
    +
    +
    +
    +
    + + + + + + + +
    Project docker-image|haproxy
    Path haproxy:2.6.14-alpine
    Package Manager apk
    +
    +
    +
    +
    +

    Improper Authentication

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

    +

    Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

    +

    The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

    +

    As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Inefficient Regular Expression Complexity

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

    +

    However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    +

    References

    + + +
    + + + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.8.0-rc2/quay.io_argoproj_argocd_v2.8.0-rc2.html b/docs/snyk/v2.8.0-rc6/quay.io_argoproj_argocd_v2.8.0-rc6.html similarity index 91% rename from docs/snyk/v2.8.0-rc2/quay.io_argoproj_argocd_v2.8.0-rc2.html rename to docs/snyk/v2.8.0-rc6/quay.io_argoproj_argocd_v2.8.0-rc6.html index 3517f43e60638..64e0e9459d643 100644 --- a/docs/snyk/v2.8.0-rc2/quay.io_argoproj_argocd_v2.8.0-rc2.html +++ b/docs/snyk/v2.8.0-rc6/quay.io_argoproj_argocd_v2.8.0-rc6.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,18 +456,18 @@

    Snyk test report

    -

    July 9th 2023, 12:22:24 am (UTC+00:00)

    +

    July 30th 2023, 12:19:16 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.8.0-rc2/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.8.0-rc2/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.8.0-rc2/kustomize/kustomize/v5 (gomodules)
    • quay.io/argoproj/argocd:v2.8.0-rc2/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.8.0-rc2/git-lfs/git-lfs (gomodules)
    • +
    • quay.io/argoproj/argocd:v2.8.0-rc6/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.8.0-rc6/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.8.0-rc6/kustomize/kustomize/v5 (gomodules)
    • quay.io/argoproj/argocd:v2.8.0-rc6/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.8.0-rc6/git-lfs/git-lfs (gomodules)
    -
    21 known vulnerabilities
    -
    95 vulnerable dependency paths
    +
    19 known vulnerabilities
    +
    101 vulnerable dependency paths
    2112 dependencies
    @@ -578,7 +578,7 @@

    Improper Validation of Integrity Check Value

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 and systemd/libsystemd0@249.11-0ubuntu3.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and systemd/libsystemd0@249.11-0ubuntu3.9
  • @@ -591,7 +591,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 systemd/libsystemd0@249.11-0ubuntu3.9 @@ -600,7 +600,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 apt@2.4.9 @@ -611,7 +611,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 procps/libprocps8@2:3.3.17-6ubuntu2 @@ -622,7 +622,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 util-linux@2.37.2-4ubuntu3 @@ -633,7 +633,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 util-linux/bsdutils@1:2.37.2-4ubuntu3 @@ -644,7 +644,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 apt@2.4.9 @@ -657,7 +657,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 systemd/libudev1@249.11-0ubuntu3.9 @@ -666,7 +666,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 libfido2/libfido2-1@1.10.0-1 @@ -677,7 +677,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 util-linux@2.37.2-4ubuntu3 @@ -688,7 +688,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 apt@2.4.9 @@ -748,7 +748,7 @@

      Improper Validation of Integrity Check Value

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 and systemd/libsystemd0@249.11-0ubuntu3.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and systemd/libsystemd0@249.11-0ubuntu3.9
    @@ -761,7 +761,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 systemd/libsystemd0@249.11-0ubuntu3.9 @@ -770,7 +770,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 apt@2.4.9 @@ -781,7 +781,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 procps/libprocps8@2:3.3.17-6ubuntu2 @@ -792,7 +792,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 util-linux@2.37.2-4ubuntu3 @@ -803,7 +803,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 util-linux/bsdutils@1:2.37.2-4ubuntu3 @@ -814,7 +814,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 apt@2.4.9 @@ -827,7 +827,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 systemd/libudev1@249.11-0ubuntu3.9 @@ -836,7 +836,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 libfido2/libfido2-1@1.10.0-1 @@ -847,7 +847,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 util-linux@2.37.2-4ubuntu3 @@ -858,7 +858,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 apt@2.4.9 @@ -918,7 +918,7 @@

      Improper Validation of Integrity Check Value

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 and systemd/libsystemd0@249.11-0ubuntu3.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and systemd/libsystemd0@249.11-0ubuntu3.9
    @@ -931,7 +931,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 systemd/libsystemd0@249.11-0ubuntu3.9 @@ -940,7 +940,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 apt@2.4.9 @@ -951,7 +951,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 procps/libprocps8@2:3.3.17-6ubuntu2 @@ -962,7 +962,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 util-linux@2.37.2-4ubuntu3 @@ -973,7 +973,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 util-linux/bsdutils@1:2.37.2-4ubuntu3 @@ -984,7 +984,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 apt@2.4.9 @@ -997,7 +997,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 systemd/libudev1@249.11-0ubuntu3.9 @@ -1006,7 +1006,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 libfido2/libfido2-1@1.10.0-1 @@ -1017,7 +1017,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 util-linux@2.37.2-4ubuntu3 @@ -1028,7 +1028,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 apt@2.4.9 @@ -1089,7 +1089,7 @@

      CVE-2022-46908

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2, gnupg2/gpg@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
    @@ -1101,7 +1101,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1160,7 +1160,7 @@

      Arbitrary Code Injection

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 and shadow/passwd@1:4.8.1-2ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and shadow/passwd@1:4.8.1-2ubuntu2.1
    @@ -1173,7 +1173,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 shadow/passwd@1:4.8.1-2ubuntu2.1 @@ -1182,7 +1182,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 adduser@3.118ubuntu5 @@ -1193,9 +1193,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - openssh/openssh-client@1:8.9p1-3ubuntu0.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.3 shadow/passwd@1:4.8.1-2ubuntu2.1 @@ -1204,7 +1204,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 shadow/login@1:4.8.1-2ubuntu2.1 @@ -1261,7 +1261,7 @@

      Uncontrolled Recursion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -1274,7 +1274,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1283,7 +1283,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 grep@3.7-1build1 @@ -1345,7 +1345,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and patch@2.7.6-7build2
    @@ -1358,7 +1358,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 patch@2.7.6-7build2 @@ -1412,7 +1412,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and patch@2.7.6-7build2
    @@ -1425,7 +1425,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 patch@2.7.6-7build2 @@ -1463,7 +1463,7 @@

      References

    -

    Information Exposure

    +

    Improper Authentication

    @@ -1479,12 +1479,12 @@

    Information Exposure

  • Vulnerable module: - openssh/openssh-client + openssl/libssl3
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and openssl/libssl3@3.0.2-0ubuntu1.10
  • @@ -1497,9 +1497,113 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + + libfido2/libfido2-1@1.10.0-1 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + + openssh/openssh-client@1:8.9p1-3ubuntu0.3 - openssh/openssh-client@1:8.9p1-3ubuntu0.1 + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.10 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.3 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 + + krb5/libkrb5-3@1.19.2-2ubuntu0.2 + + openssl/libssl3@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + + openssl@3.0.2-0ubuntu1.10 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.10 @@ -1511,28 +1615,42 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

      +

      Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

      +

      Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

      +

      The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

      +

      As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 openssh.

      +

      There is no fixed version for Ubuntu:22.04 openssl.

      References


    @@ -1558,7 +1676,7 @@

    CVE-2023-28531

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and openssh/openssh-client@1:8.9p1-3ubuntu0.3
  • @@ -1571,9 +1689,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - openssh/openssh-client@1:8.9p1-3ubuntu0.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.3 @@ -1595,6 +1713,7 @@

      References

    • ADVISORY
    • cve@mitre.org
    • cve@mitre.org
    • +
    • cve@mitre.org

    @@ -1627,7 +1746,7 @@

    NULL Pointer Dereference

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others
  • @@ -1639,33 +1758,33 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/dirmngr@2.2.27-3ubuntu2.1 - openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 + openldap/libldap-2.5-0@2.5.15+dfsg-0ubuntu0.22.04.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 + openldap/libldap-2.5-0@2.5.15+dfsg-0ubuntu0.22.04.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 + openldap/libldap-common@2.5.15+dfsg-0ubuntu0.22.04.1 @@ -1688,6 +1807,12 @@

      References

    • secalert@redhat.com
    • secalert@redhat.com
    • secalert@redhat.com
    • +
    • secalert@redhat.com
    • +
    • secalert@redhat.com
    • +
    • secalert@redhat.com
    • +
    • secalert@redhat.com
    • +
    • secalert@redhat.com
    • +
    • secalert@redhat.com

    @@ -1720,7 +1845,7 @@

    Resource Exhaustion

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2, meta-common-packages@meta and others + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6, meta-common-packages@meta and others
  • @@ -1732,7 +1857,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 meta-common-packages@meta @@ -1757,6 +1882,7 @@

      References


      @@ -1788,7 +1914,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 and krb5/libk5crypto3@1.19.2-2ubuntu0.2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and krb5/libk5crypto3@1.19.2-2ubuntu0.2
    @@ -1801,7 +1927,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 krb5/libk5crypto3@1.19.2-2ubuntu0.2 @@ -1810,7 +1936,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 adduser@3.118ubuntu5 @@ -1831,7 +1957,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 adduser@3.118ubuntu5 @@ -1854,7 +1980,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 krb5/libkrb5-3@1.19.2-2ubuntu0.2 @@ -1863,7 +1989,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 adduser@3.118ubuntu5 @@ -1884,7 +2010,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -1893,9 +2019,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - openssh/openssh-client@1:8.9p1-3ubuntu0.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.3 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -1904,11 +2030,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -1917,11 +2043,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 @@ -1932,7 +2058,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 adduser@3.118ubuntu5 @@ -1951,7 +2077,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 meta-common-packages@meta @@ -2010,7 +2136,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -2023,7 +2149,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2032,7 +2158,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 apt@2.4.9 @@ -2043,7 +2169,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2054,7 +2180,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2065,7 +2191,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2076,7 +2202,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2089,7 +2215,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2102,7 +2228,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2111,7 +2237,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2122,7 +2248,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2135,7 +2261,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -2144,7 +2270,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2155,7 +2281,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2164,7 +2290,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2175,7 +2301,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2184,7 +2310,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2195,7 +2321,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2208,7 +2334,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2221,7 +2347,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2230,7 +2356,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2241,7 +2367,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2254,7 +2380,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2267,7 +2393,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2276,7 +2402,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2287,7 +2413,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2296,7 +2422,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2307,7 +2433,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -2316,7 +2442,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2327,7 +2453,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2386,7 +2512,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -2399,7 +2525,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 glibc/libc-bin@2.35-0ubuntu3.1 @@ -2408,7 +2534,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 meta-common-packages@meta @@ -2467,7 +2593,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2, git@1:2.34.1-1ubuntu1.9 and others + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6, git@1:2.34.1-1ubuntu1.9 and others
    @@ -2479,7 +2605,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 git@1:2.34.1-1ubuntu1.9 @@ -2490,7 +2616,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 git@1:2.34.1-1ubuntu1.9 @@ -2499,7 +2625,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 git-lfs@3.0.2-1ubuntu0.2 @@ -2533,150 +2659,6 @@

      References

      More about this vulnerability

    -
    -
    -

    CVE-2023-28322

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2, git@1:2.34.1-1ubuntu1.9 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 curl.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2, git@1:2.34.1-1ubuntu1.9 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with xn-- and should not be allowed to pattern match, but the wildcard check in curl could still check for x*, which would match even though the IDN name most likely contained nothing even resembling an x.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 curl.

    -

    References

    - - -
    - - -

    Improper Input Validation

    @@ -2700,7 +2682,7 @@

    Improper Input Validation

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and coreutils@8.32-4.1ubuntu1
  • @@ -2713,7 +2695,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 coreutils@8.32-4.1ubuntu1 @@ -2770,7 +2752,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and bash@5.1-6ubuntu1
    @@ -2783,7 +2765,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.8.0-rc6/redis_7.0.11-alpine.html b/docs/snyk/v2.8.0-rc6/redis_7.0.11-alpine.html new file mode 100644 index 0000000000000..df0c944b6ad3b --- /dev/null +++ b/docs/snyk/v2.8.0-rc6/redis_7.0.11-alpine.html @@ -0,0 +1,850 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
      +
      +
      +
      + + + Snyk - Open Source Security + + + + + + + +
      +

      Snyk test report

      + +

      July 30th 2023, 12:19:21 am (UTC+00:00)

      +
      +
      + Scanned the following path: +
        +
      • redis:7.0.11-alpine (apk)
      • +
      +
      + +
      +
      2 known vulnerabilities
      +
      18 vulnerable dependency paths
      +
      18 dependencies
      +
      +
      +
      +
      +
      + + + + + + + +
      Project docker-image|redis
      Path redis:7.0.11-alpine
      Package Manager apk
      +
      +
      +
      +
      +

      Improper Authentication

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Package Manager: alpine:3.18 +
      • +
      • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
      • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
      • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      + +
      + +
      + +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

      +

      Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

      +

      The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

      +

      As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

      +

      Remediation

      +

      Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

      +

      References

      + + +
      + + + +
      +
      +

      Inefficient Regular Expression Complexity

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Package Manager: alpine:3.18 +
      • +
      • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
      • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
      • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
      + +
      + +
      + +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

      +

      The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

      +

      However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

      +

      An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

      +

      The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

      +

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      +

      Remediation

      +

      Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

      +

      References

      + + +
      + + + +
      +
      +
      +
      + + + From c3970b462ee8ff270b37bc0533b389430bb81ee9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Jul 2023 04:46:07 +0000 Subject: [PATCH 058/105] chore(deps): bump github.com/aws/aws-sdk-go from 1.44.309 to 1.44.312 (#14782) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.309 to 1.44.312. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.309...v1.44.312) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d2cd70946e762..148caf1cc97f5 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/argoproj/gitops-engine v0.7.1-0.20230607163028-425d65e07695 github.com/argoproj/notifications-engine v0.4.1-0.20230620204159-3446d4ae8520 github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 - github.com/aws/aws-sdk-go v1.44.309 + github.com/aws/aws-sdk-go v1.44.312 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.6.0 diff --git a/go.sum b/go.sum index b821d5ca84d7a..3d6d7e0d6ed56 100644 --- a/go.sum +++ b/go.sum @@ -719,8 +719,8 @@ github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.309 h1:IPJOFBzXekakxmEpDwd4RTKmmBR6LIAiXgNsM51bWbU= -github.com/aws/aws-sdk-go v1.44.309/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.312 h1:llrElfzeqG/YOLFFKjg1xNpZCFJ2xraIi3PqSuP+95k= +github.com/aws/aws-sdk-go v1.44.312/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= From 6e3bd70a8bb46b7e5d3711fa7acb4a793bbdeaf1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Jul 2023 04:55:38 +0000 Subject: [PATCH 059/105] chore(deps): bump github.com/xanzy/go-gitlab from 0.88.0 to 0.89.0 (#14784) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.88.0 to 0.89.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.88.0...v0.89.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 148caf1cc97f5..fd0689b4394a2 100644 --- a/go.mod +++ b/go.mod @@ -70,7 +70,7 @@ require ( github.com/stretchr/testify v1.8.4 github.com/valyala/fasttemplate v1.2.2 github.com/whilp/git-urls v1.0.0 - github.com/xanzy/go-gitlab v0.88.0 + github.com/xanzy/go-gitlab v0.89.0 github.com/yuin/gopher-lua v1.1.0 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 go.opentelemetry.io/otel v1.16.0 diff --git a/go.sum b/go.sum index 3d6d7e0d6ed56..5f164ad6e9ee7 100644 --- a/go.sum +++ b/go.sum @@ -1801,8 +1801,8 @@ github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU= github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE= -github.com/xanzy/go-gitlab v0.88.0 h1:9GHBrxyCUNZZNuAsbJ1NbEH6XAYsKyTn6NfE0wYO5SY= -github.com/xanzy/go-gitlab v0.88.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= +github.com/xanzy/go-gitlab v0.89.0 h1:yJuy1Pw+to/NqHzVIiopt/VApoHvGDB5SEGuRs3EJpI= +github.com/xanzy/go-gitlab v0.89.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= From 58138ad0a5e3951a12f407cd71fa2ebe2ae83295 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Jul 2023 04:59:00 +0000 Subject: [PATCH 060/105] chore(deps): bump github.com/casbin/casbin/v2 from 2.72.1 to 2.73.0 (#14783) Bumps [github.com/casbin/casbin/v2](https://github.com/casbin/casbin) from 2.72.1 to 2.73.0. - [Release notes](https://github.com/casbin/casbin/releases) - [Changelog](https://github.com/casbin/casbin/blob/master/.releaserc.json) - [Commits](https://github.com/casbin/casbin/compare/v2.72.1...v2.73.0) --- updated-dependencies: - dependency-name: github.com/casbin/casbin/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index fd0689b4394a2..681353f9cbf40 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.6.0 - github.com/casbin/casbin/v2 v2.72.1 + github.com/casbin/casbin/v2 v2.73.0 github.com/coreos/go-oidc/v3 v3.6.0 github.com/cyphar/filepath-securejoin v0.2.3 github.com/dustin/go-humanize v1.0.1 diff --git a/go.sum b/go.sum index 5f164ad6e9ee7..c4174584c8ccf 100644 --- a/go.sum +++ b/go.sum @@ -749,8 +749,8 @@ github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7N github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= -github.com/casbin/casbin/v2 v2.72.1 h1:AF6JM0pvyi+tRyudiyTI/rF08RvBZ4NV897kk82CCZs= -github.com/casbin/casbin/v2 v2.72.1/go.mod h1:mzGx0hYW9/ksOSpw3wNjk3NRAroq5VMFYUQ6G43iGPk= +github.com/casbin/casbin/v2 v2.73.0 h1:Qgy70fd90wXrDvSLBAFrDBNYv34lCqppK24vF0OHv/M= +github.com/casbin/casbin/v2 v2.73.0/go.mod h1:mzGx0hYW9/ksOSpw3wNjk3NRAroq5VMFYUQ6G43iGPk= github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= From 8b5118c8e07e05022f0285d16ae673b486970d1e Mon Sep 17 00:00:00 2001 From: Dylan Page Date: Mon, 31 Jul 2023 10:16:20 -0400 Subject: [PATCH 061/105] chore: add Autodesk to USERS.md (#14778) Signed-off-by: Dylan Page --- USERS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/USERS.md b/USERS.md index 5d83fde59ed32..db1a5f0da6ff5 100644 --- a/USERS.md +++ b/USERS.md @@ -24,6 +24,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [AppDirect](https://www.appdirect.com) 1. [Arctiq Inc.](https://www.arctiq.ca) 1. [ARZ Allgemeines Rechenzentrum GmbH](https://www.arz.at/) +2. [Autodesk](https://www.autodesk.com) 1. [Axual B.V.](https://axual.com) 1. [Back Market](https://www.backmarket.com) 1. [Baloise](https://www.baloise.com) From 2205b94f4e4880fedc493130d0c0f72b4eaade5c Mon Sep 17 00:00:00 2001 From: Jonathan West Date: Mon, 31 Jul 2023 11:52:54 -0400 Subject: [PATCH 062/105] chore: Add query-scoped cluster URL in Cluster Secret E2E tests (#14446) * Add query-scoped cluster URL in Cluster Secret E2E tests Signed-off-by: Jonathan West * Respond to review comments Signed-off-by: Jonathan West --------- Signed-off-by: Jonathan West --- test/e2e/accounts_test.go | 3 +- test/e2e/deployment_test.go | 311 ++++++++++++++++++++++++++++ test/e2e/fixture/cluster/actions.go | 4 +- test/e2e/fixture/cluster/context.go | 18 +- test/e2e/fixture/fixture.go | 29 +++ 5 files changed, 355 insertions(+), 10 deletions(-) diff --git a/test/e2e/accounts_test.go b/test/e2e/accounts_test.go index f794dce7a56e9..54eba790af2c5 100644 --- a/test/e2e/accounts_test.go +++ b/test/e2e/accounts_test.go @@ -14,7 +14,6 @@ import ( "github.com/argoproj/argo-cd/v2/cmd/argocd/commands/headless" "github.com/argoproj/argo-cd/v2/pkg/apiclient/account" "github.com/argoproj/argo-cd/v2/pkg/apiclient/session" - "github.com/argoproj/argo-cd/v2/test/e2e/fixture" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture" accountFixture "github.com/argoproj/argo-cd/v2/test/e2e/fixture/account" "github.com/argoproj/argo-cd/v2/util/io" @@ -77,7 +76,7 @@ func TestCanIGetLogsAllowSwitchOn(t *testing.T) { When(). Create(). Login(). - SetPermissions([]fixture.ACL{ + SetPermissions([]ACL{ { Resource: "logs", Action: "get", diff --git a/test/e2e/deployment_test.go b/test/e2e/deployment_test.go index 085ecee244ba2..20e79c2aff56c 100644 --- a/test/e2e/deployment_test.go +++ b/test/e2e/deployment_test.go @@ -1,12 +1,22 @@ package e2e import ( + "context" + "encoding/json" "fmt" + "os" "testing" + "time" "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/clientcmd" + "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/util/argo" + "github.com/argoproj/argo-cd/v2/util/clusterauth" "github.com/argoproj/gitops-engine/pkg/health" . "github.com/argoproj/gitops-engine/pkg/sync/common" @@ -108,3 +118,304 @@ func TestDeploymentWithoutTrackingMode(t *testing.T) { `, ctx.AppName())) }) } + +// This test verifies that Argo CD can: +// A) Deploy to a cluster where the URL of the cluster contains a query parameter: e.g. https://(kubernetes-url):443/?context=some-val +// and +// B) Multiple users can deploy to the same K8s cluster, using above mechanism (but with different Argo CD Cluster Secrets, and different ServiceAccounts) +func TestDeployToKubernetesAPIURLWithQueryParameter(t *testing.T) { + + // We test with both a cluster-scoped, and a non-cluster scoped, Argo CD Cluster Secret. + clusterScopedParam := []bool{false, true} + for _, clusterScoped := range clusterScopedParam { + + EnsureCleanState(t) + + // Simulate two users, each with their own Argo CD cluster secret that can only deploy to their Namespace + users := []string{E2ETestPrefix + "user1", E2ETestPrefix + "user2"} + + for _, username := range users { + createNamespaceScopedUser(t, username, clusterScoped) + + GivenWithSameState(t). + Name("e2e-test-app-"+username). + Path("deployment"). + When(). + CreateWithNoNameSpace("--dest-namespace", username). + Sync(). + Then(). + Expect(OperationPhaseIs(OperationSucceeded)). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + Expect(HealthIs(health.HealthStatusHealthy)) + } + + } + +} + +// This test verifies that Argo CD can: +// When multiple Argo CD cluster secrets used to deploy to the same cluster (using query parameters), that the ServiceAccount RBAC +// fully enforces user boundary. +// Our simulated user's ServiceAccounts should not be able to deploy into a namespace that is outside that SA's RBAC. +func TestArgoCDSupportsMultipleServiceAccountsWithDifferingRBACOnSameCluster(t *testing.T) { + + // We test with both a cluster-scoped, and a non-cluster scoped, Argo CD Cluster Secret. + clusterScopedParam := []bool{ /*false,*/ true} + + for _, clusterScoped := range clusterScopedParam { + + EnsureCleanState(t) + + // Simulate two users, each with their own Argo CD cluster secret that can only deploy to their Namespace + users := []string{E2ETestPrefix + "user1", E2ETestPrefix + "user2"} + + for _, username := range users { + createNamespaceScopedUser(t, username, clusterScoped) + } + + for idx, username := range users { + + // we should use user-a's serviceaccount to deploy to user-b's namespace, and vice versa + // - If everything as working as expected, this should fail. + otherUser := users[(idx+1)%len(users)] + + // e.g. Attempt to deploy to user1's namespace, with user2's cluster Secret. This should fail, as user2's cluster Secret does not have the requisite permissions. + consequences := GivenWithSameState(t). + Name("e2e-test-app-"+username). + DestName(E2ETestPrefix+"cluster-"+otherUser). + Path("deployment"). + When(). + CreateWithNoNameSpace("--dest-namespace", username).IgnoreErrors(). + Sync().Then() + + // The error message differs based on whether the Argo CD Cluster Secret is namespace-scoped or cluster-scoped, but the idea is the same: + // - Even when deploying to the same cluster using 2 separate ServiceAccounts, the RBAC of those ServiceAccounts should continue to fully enforce RBAC boundaries. + + if !clusterScoped { + consequences.Expect(Condition(ApplicationConditionComparisonError, "Namespace \""+username+"\" for Deployment \"nginx-deployment\" is not managed")) + } else { + consequences.Expect(OperationMessageContains("User \"system:serviceaccount:" + otherUser + ":" + otherUser + "-serviceaccount\" cannot create resource \"deployments\" in API group \"apps\" in the namespace \"" + username + "\"")) + } + } + + } +} + +// generateReadOnlyClusterRoleandBindingForServiceAccount creates a ClusterRole/Binding that allows a ServiceAccount in a given namespace to read all resources on a cluster. +// - This allows the ServiceAccount to be used within a cluster-scoped Argo CD Cluster Secret +func generateReadOnlyClusterRoleandBindingForServiceAccount(roleSuffix string, serviceAccountNS string) (rbacv1.ClusterRole, rbacv1.ClusterRoleBinding) { + + clusterRole := rbacv1.ClusterRole{ + ObjectMeta: metav1.ObjectMeta{ + Name: E2ETestPrefix + "read-all-" + roleSuffix, + }, + Rules: []rbacv1.PolicyRule{{ + Verbs: []string{"get", "list", "watch"}, + Resources: []string{"*"}, + APIGroups: []string{"*"}, + }}, + } + + clusterRoleBinding := rbacv1.ClusterRoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: E2ETestPrefix + "read-all-" + roleSuffix, + }, + Subjects: []rbacv1.Subject{{ + Kind: rbacv1.ServiceAccountKind, + Namespace: serviceAccountNS, + Name: roleSuffix + "-serviceaccount", + }}, + RoleRef: rbacv1.RoleRef{ + APIGroup: "rbac.authorization.k8s.io", + Kind: "ClusterRole", + Name: clusterRole.Name, + }, + } + + return clusterRole, clusterRoleBinding +} + +// buildArgoCDClusterSecret build (but does not create) an Argo CD Cluster Secret object with the given values +func buildArgoCDClusterSecret(secretName, secretNamespace, clusterName, clusterServer, clusterConfigJSON, clusterResources, clusterNamespaces string) corev1.Secret { + res := corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: secretName, + Namespace: secretNamespace, + Labels: map[string]string{ + common.LabelKeySecretType: common.LabelValueSecretTypeCluster, + }, + }, + Data: map[string][]byte{ + "name": ([]byte)(clusterName), + "server": ([]byte)(clusterServer), + "config": ([]byte)(string(clusterConfigJSON)), + }, + } + + if clusterResources != "" { + res.Data["clusterResources"] = ([]byte)(clusterResources) + } + + if clusterNamespaces != "" { + res.Data["namespaces"] = ([]byte)(clusterNamespaces) + } + + return res +} + +// createNamespaceScopedUser +// - username = name of Namespace the simulated user is able to deploy to +// - clusterScopedSecrets = whether the Service Account is namespace-scoped or cluster-scoped. +func createNamespaceScopedUser(t *testing.T, username string, clusterScopedSecrets bool) { + + // Create a new Namespace for our simulated user + ns := corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: username, + }, + } + _, err := KubeClientset.CoreV1().Namespaces().Create(context.Background(), &ns, metav1.CreateOptions{}) + assert.Nil(t, err) + + // Create a ServiceAccount in that Namespace, which will be used for the Argo CD Cluster SEcret + serviceAccountName := username + "-serviceaccount" + err = clusterauth.CreateServiceAccount(KubeClientset, serviceAccountName, ns.Name) + assert.Nil(t, err) + + // Create a Role that allows the ServiceAccount to read/write all within the Namespace + role := rbacv1.Role{ + ObjectMeta: metav1.ObjectMeta{ + Name: E2ETestPrefix + "allow-all", + Namespace: ns.Name, + }, + Rules: []rbacv1.PolicyRule{{ + Verbs: []string{"*"}, + Resources: []string{"*"}, + APIGroups: []string{"*"}, + }}, + } + _, err = KubeClientset.RbacV1().Roles(role.Namespace).Create(context.Background(), &role, metav1.CreateOptions{}) + assert.Nil(t, err) + + // Bind the Role with the ServiceAccount in the Namespace + roleBinding := rbacv1.RoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: E2ETestPrefix + "allow-all-binding", + Namespace: ns.Name, + }, + Subjects: []rbacv1.Subject{{ + Kind: rbacv1.ServiceAccountKind, + Name: serviceAccountName, + Namespace: ns.Name, + }}, + RoleRef: rbacv1.RoleRef{ + APIGroup: "rbac.authorization.k8s.io", + Kind: "Role", + Name: role.Name, + }, + } + _, err = KubeClientset.RbacV1().RoleBindings(roleBinding.Namespace).Create(context.Background(), &roleBinding, metav1.CreateOptions{}) + assert.Nil(t, err) + + // Retrieve the bearer token from the ServiceAccount + token, err := clusterauth.GetServiceAccountBearerToken(KubeClientset, ns.Name, serviceAccountName, time.Second*60) + assert.Nil(t, err) + assert.NotEmpty(t, token) + + // In order to test a cluster-scoped Argo CD Cluster Secret, we may optionally grant the ServiceAccount read-all permissions at cluster scope. + if clusterScopedSecrets { + clusterRole, clusterRoleBinding := generateReadOnlyClusterRoleandBindingForServiceAccount(username, username) + + _, err := KubeClientset.RbacV1().ClusterRoles().Create(context.Background(), &clusterRole, metav1.CreateOptions{}) + assert.Nil(t, err) + + _, err = KubeClientset.RbacV1().ClusterRoleBindings().Create(context.Background(), &clusterRoleBinding, metav1.CreateOptions{}) + assert.Nil(t, err) + + } + + // Build the Argo CD Cluster Secret by using the service account token, and extracting needed values from kube config + clusterSecretConfigJSON := ClusterConfig{ + BearerToken: token, + TLSClientConfig: TLSClientConfig{ + Insecure: true, + }, + } + + jsonStringBytes, err := json.Marshal(clusterSecretConfigJSON) + assert.Nil(t, err) + + _, apiURL, err := extractKubeConfigValues() + assert.Nil(t, err) + + clusterResourcesField := "" + namespacesField := "" + + if !clusterScopedSecrets { + clusterResourcesField = "false" + namespacesField = ns.Name + } + + // We create an Argo CD cluster Secret declaratively, using the K8s client, rather than via CLI, as the CLI doesn't currently + // support Kubernetes API server URLs with query parameters. + + secret := buildArgoCDClusterSecret("test-"+username, ArgoCDNamespace, E2ETestPrefix+"cluster-"+username, apiURL+"?user="+username, + string(jsonStringBytes), clusterResourcesField, namespacesField) + + // Finally, create the Cluster secret in the Argo CD E2E namespace + _, err = KubeClientset.CoreV1().Secrets(secret.Namespace).Create(context.Background(), &secret, metav1.CreateOptions{}) + assert.Nil(t, err) +} + +// extractKubeConfigValues returns contents of the local environment's kubeconfig, using standard path resolution mechanism. +// Returns: +// - contents of kubeconfig +// - server name (within the kubeconfig) +// - error +func extractKubeConfigValues() (string, string, error) { + + loadingRules := clientcmd.NewDefaultClientConfigLoadingRules() + + config, err := loadingRules.Load() + if err != nil { + return "", "", err + } + + context, ok := config.Contexts[config.CurrentContext] + if !ok || context == nil { + return "", "", fmt.Errorf("no context") + } + + cluster, ok := config.Clusters[context.Cluster] + if !ok || cluster == nil { + return "", "", fmt.Errorf("no cluster") + } + + var kubeConfigDefault string + + paths := loadingRules.Precedence + { + + // For all the kubeconfig paths, look for one that exists + for _, path := range paths { + _, err = os.Stat(path) + if err == nil { + // Success + kubeConfigDefault = path + break + } // Otherwise, continue. + + } + + if kubeConfigDefault == "" { + return "", "", fmt.Errorf("unable to retrieve kube config path") + } + } + + kubeConfigContents, err := os.ReadFile(kubeConfigDefault) + if err != nil { + return "", "", err + } + + return string(kubeConfigContents), cluster.Server, nil +} diff --git a/test/e2e/fixture/cluster/actions.go b/test/e2e/fixture/cluster/actions.go index 3f047e8f9b03e..0613c9a22cf15 100644 --- a/test/e2e/fixture/cluster/actions.go +++ b/test/e2e/fixture/cluster/actions.go @@ -45,10 +45,10 @@ func (a *Actions) Create(args ...string) *Actions { Cluster: &v1alpha1.Cluster{ Server: a.context.server, Name: a.context.name, - Config: v1alpha1.ClusterConfig{}, + Config: v1alpha1.ClusterConfig{BearerToken: a.context.bearerToken}, ConnectionState: v1alpha1.ConnectionState{}, ServerVersion: "", - Namespaces: nil, + Namespaces: a.context.namespaces, RefreshRequestedAt: nil, Info: v1alpha1.ClusterInfo{}, Shard: nil, diff --git a/test/e2e/fixture/cluster/context.go b/test/e2e/fixture/cluster/context.go index 236be6a3a3913..bd0102f891d71 100644 --- a/test/e2e/fixture/cluster/context.go +++ b/test/e2e/fixture/cluster/context.go @@ -12,12 +12,13 @@ import ( type Context struct { t *testing.T // seconds - timeout int - name string - project string - server string - upsert bool - namespaces []string + timeout int + name string + project string + server string + upsert bool + namespaces []string + bearerToken string } func Given(t *testing.T) *Context { @@ -67,6 +68,11 @@ func (c *Context) Project(project string) *Context { return c } +func (c *Context) BearerToken(bearerToken string) *Context { + c.bearerToken = bearerToken + return c +} + func (c *Context) Upsert(upsert bool) *Context { c.upsert = upsert return c diff --git a/test/e2e/fixture/fixture.go b/test/e2e/fixture/fixture.go index 095b3e2f116be..d8d91f09436b0 100644 --- a/test/e2e/fixture/fixture.go +++ b/test/e2e/fixture/fixture.go @@ -58,6 +58,8 @@ const ( // cmp plugin sock file path PluginSockFilePath = "/app/config/plugin" + + E2ETestPrefix = "e2e-test-" ) const ( @@ -666,6 +668,33 @@ func EnsureCleanState(t *testing.T, opts ...TestOption) { FailOnErr(Run("", "kubectl", "create", "ns", DeploymentNamespace())) FailOnErr(Run("", "kubectl", "label", "ns", DeploymentNamespace(), TestingLabel+"=true")) + // delete old namespaces used by E2E tests + namespaces, err := KubeClientset.CoreV1().Namespaces().List(context.Background(), v1.ListOptions{}) + CheckError(err) + for _, namespace := range namespaces.Items { + if strings.HasPrefix(namespace.Name, E2ETestPrefix) { + FailOnErr(Run("", "kubectl", "delete", "ns", namespace.Name)) + } + } + + // delete old ClusterRoles that begin with "e2e-test-" prefix (E2ETestPrefix), which were created by tests + clusterRoles, err := KubeClientset.RbacV1().ClusterRoles().List(context.Background(), v1.ListOptions{}) + CheckError(err) + for _, clusterRole := range clusterRoles.Items { + if strings.HasPrefix(clusterRole.Name, E2ETestPrefix) { + FailOnErr(Run("", "kubectl", "delete", "clusterrole", clusterRole.Name)) + } + } + + // delete old ClusterRoleBindings that begin with "e2e-test-prefix", which were created by E2E tests + clusterRoleBindings, err := KubeClientset.RbacV1().ClusterRoleBindings().List(context.Background(), v1.ListOptions{}) + CheckError(err) + for _, clusterRoleBinding := range clusterRoleBindings.Items { + if strings.HasPrefix(clusterRoleBinding.Name, E2ETestPrefix) { + FailOnErr(Run("", "kubectl", "delete", "clusterrolebinding", clusterRoleBinding.Name)) + } + } + log.WithFields(log.Fields{"duration": time.Since(start), "name": t.Name(), "id": id, "username": "admin", "password": "password"}).Info("clean state") } From 9e279d5a28e82d5309613fc1ca92482ab853474a Mon Sep 17 00:00:00 2001 From: "Kostis (Codefresh)" <39800303+kostis-codefresh@users.noreply.github.com> Date: Mon, 31 Jul 2023 18:54:56 +0300 Subject: [PATCH 063/105] docs: Clarify that security policy covers last 3 versions (#14786) * docs: Clarify that security policy covers last 3 versions Signed-off-by: Kostis Kapelonis * Update SECURITY.md Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Kostis Kapelonis Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- SECURITY.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 9e2ba5c6ba542..38574aa2bd0db 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -35,9 +35,7 @@ impact on Argo CD before opening an issue at least roughly. ## Supported Versions -We currently support the most recent release (`N`, e.g. `1.8`) and the release -previous to the most recent one (`N-1`, e.g. `1.7`). With the release of -`N+1`, `N-1` drops out of support and `N` becomes `N-1`. +We currently support the last 3 minor versions of Argo CD with security and bug fixes. We regularly perform patch releases (e.g. `1.8.5` and `1.7.12`) for the supported versions, which will contain fixes for security vulnerabilities and From 2f84dacc035772859574bc393eb55d5fe8284793 Mon Sep 17 00:00:00 2001 From: Nathan Romriell Date: Mon, 31 Jul 2023 09:04:01 -0700 Subject: [PATCH 064/105] fix(controller): cache deadlock on delete and re-add cluster (#14780) Signed-off-by: Nathan Romriell --- controller/cache/cache.go | 6 ++- controller/cache/cache_test.go | 99 +++++++++++++++++++++++++++++++++- 2 files changed, 102 insertions(+), 3 deletions(-) diff --git a/controller/cache/cache.go b/controller/cache/cache.go index 8623130f36dfa..b62185dc4589f 100644 --- a/controller/cache/cache.go +++ b/controller/cache/cache.go @@ -775,12 +775,14 @@ func (c *liveStateCache) handleModEvent(oldCluster *appv1.Cluster, newCluster *a } func (c *liveStateCache) handleDeleteEvent(clusterServer string) { - c.lock.Lock() - defer c.lock.Unlock() + c.lock.RLock() cluster, ok := c.clusters[clusterServer] + c.lock.RUnlock() if ok { cluster.Invalidate() + c.lock.Lock() delete(c.clusters, clusterServer) + c.lock.Unlock() } } diff --git a/controller/cache/cache_test.go b/controller/cache/cache_test.go index 3549f03f6e0ea..de2d96eb7aa28 100644 --- a/controller/cache/cache_test.go +++ b/controller/cache/cache_test.go @@ -1,13 +1,16 @@ package cache import ( + "context" "errors" "net" "net/url" + "sync" "testing" + "time" "github.com/stretchr/testify/assert" - "k8s.io/api/core/v1" + v1 "k8s.io/api/core/v1" apierr "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" @@ -16,8 +19,10 @@ import ( "github.com/argoproj/gitops-engine/pkg/cache/mocks" "github.com/argoproj/gitops-engine/pkg/health" "github.com/stretchr/testify/mock" + "k8s.io/client-go/kubernetes/fake" appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + argosettings "github.com/argoproj/argo-cd/v2/util/settings" ) type netError string @@ -108,6 +113,98 @@ func TestHandleAddEvent_ClusterExcluded(t *testing.T) { assert.Len(t, clustersCache.clusters, 0) } +func TestHandleDeleteEvent_CacheDeadlock(t *testing.T) { + testCluster := &appv1.Cluster{ + Server: "https://mycluster", + Config: appv1.ClusterConfig{Username: "bar"}, + } + fakeClient := fake.NewSimpleClientset() + settingsMgr := argosettings.NewSettingsManager(context.TODO(), fakeClient, "argocd") + externalLockRef := sync.RWMutex{} + gitopsEngineClusterCache := &mocks.ClusterCache{} + clustersCache := liveStateCache{ + clusters: map[string]cache.ClusterCache{ + testCluster.Server: gitopsEngineClusterCache, + }, + clusterFilter: func(cluster *appv1.Cluster) bool { + return true + }, + settingsMgr: settingsMgr, + // Set the lock here so we can reference it later + // nolint We need to overwrite here to have access to the lock + lock: externalLockRef, + } + channel := make(chan string) + // Mocked lock held by the gitops-engine cluster cache + mockMutex := sync.RWMutex{} + // Locks to force trigger condition during test + // Condition order: + // EnsuredSynced -> Locks gitops-engine + // handleDeleteEvent -> Locks liveStateCache + // EnsureSynced via sync, newResource, populateResourceInfoHandler -> attempts to Lock liveStateCache + // handleDeleteEvent via cluster.Invalidate -> attempts to Lock gitops-engine + handleDeleteWasCalled := sync.Mutex{} + engineHoldsLock := sync.Mutex{} + handleDeleteWasCalled.Lock() + engineHoldsLock.Lock() + gitopsEngineClusterCache.On("EnsureSynced").Run(func(args mock.Arguments) { + // Held by EnsureSync calling into sync and watchEvents + mockMutex.Lock() + defer mockMutex.Unlock() + // Continue Execution of timer func + engineHoldsLock.Unlock() + // Wait for handleDeleteEvent to be called triggering the lock + // on the liveStateCache + handleDeleteWasCalled.Lock() + t.Logf("handleDelete was called, EnsureSynced continuing...") + handleDeleteWasCalled.Unlock() + // Try and obtain the lock on the liveStateCache + alreadyFailed := !externalLockRef.TryLock() + if alreadyFailed { + channel <- "DEADLOCKED -- EnsureSynced could not obtain lock on liveStateCache" + return + } + externalLockRef.Lock() + t.Logf("EnsureSynce was able to lock liveStateCache") + externalLockRef.Unlock() + }).Return(nil).Once() + gitopsEngineClusterCache.On("Invalidate").Run(func(args mock.Arguments) { + // If deadlock is fixed should be able to acquire lock here + alreadyFailed := !mockMutex.TryLock() + if alreadyFailed { + channel <- "DEADLOCKED -- Invalidate could not obtain lock on gitops-engine" + return + } + mockMutex.Lock() + t.Logf("Invalidate was able to lock gitops-engine cache") + mockMutex.Unlock() + }).Return() + go func() { + // Start the gitops-engine lock holds + go func() { + err := gitopsEngineClusterCache.EnsureSynced() + if err != nil { + assert.Fail(t, err.Error()) + } + }() + // Wait for EnsureSynced to grab the lock for gitops-engine + engineHoldsLock.Lock() + t.Log("EnsureSynced has obtained lock on gitops-engine") + engineHoldsLock.Unlock() + // Run in background + go clustersCache.handleDeleteEvent(testCluster.Server) + // Allow execution to continue on clusters cache call to trigger lock + handleDeleteWasCalled.Unlock() + channel <- "PASSED" + }() + select { + case str := <-channel: + assert.Equal(t, "PASSED", str, str) + case <-time.After(5 * time.Second): + assert.Fail(t, "Ended up in deadlock") + } +} + func TestIsRetryableError(t *testing.T) { var ( tlsHandshakeTimeoutErr net.Error = netError("net/http: TLS handshake timeout") From e2ab450642c5084316b8a560146755a37055c798 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Mon, 31 Jul 2023 16:43:40 -0400 Subject: [PATCH 065/105] chore: make `helm template` errors less verbose (#14772) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- util/helm/cmd.go | 16 ++++++++++++++-- util/helm/cmd_test.go | 12 ++++++++++++ 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/util/helm/cmd.go b/util/helm/cmd.go index 4714d0fbe8807..f8240d555217e 100644 --- a/util/helm/cmd.go +++ b/util/helm/cmd.go @@ -1,12 +1,14 @@ package helm import ( + "errors" "fmt" "os" "os/exec" "path" "path/filepath" "regexp" + "strings" log "github.com/sirupsen/logrus" @@ -267,7 +269,8 @@ type TemplateOpts struct { } var ( - re = regexp.MustCompile(`([^\\]),`) + re = regexp.MustCompile(`([^\\]),`) + apiVersionsRemover = regexp.MustCompile(`(--api-versions [^ ]+ )+`) ) func cleanSetParameters(val string) string { @@ -310,7 +313,16 @@ func (c *Cmd) template(chartPath string, opts *TemplateOpts) (string, error) { args = append(args, "--include-crds") } - return c.run(args...) + out, err := c.run(args...) + if err != nil { + msg := err.Error() + if strings.Contains(msg, "--api-versions") { + log.Debug(msg) + msg = apiVersionsRemover.ReplaceAllString(msg, " ") + } + return "", errors.New(msg) + } + return out, nil } func (c *Cmd) Freestyle(args ...string) (string, error) { diff --git a/util/helm/cmd_test.go b/util/helm/cmd_test.go index d09b808908b87..772d32c78b8dd 100644 --- a/util/helm/cmd_test.go +++ b/util/helm/cmd_test.go @@ -23,6 +23,18 @@ func TestCmd_template_kubeVersion(t *testing.T) { assert.NotEmpty(t, s) } +func TestCmd_template_noApiVersionsInError(t *testing.T) { + cmd, err := NewCmdWithVersion(".", HelmV3, false, "") + assert.NoError(t, err) + _, err = cmd.template("testdata/chart-does-not-exist", &TemplateOpts{ + KubeVersion: "1.14", + APIVersions: []string{"foo", "bar"}, + }) + assert.Error(t, err) + assert.NotContains(t, err.Error(), "--api-version") + assert.ErrorContains(t, err, " ") +} + func TestNewCmd_helmV3(t *testing.T) { cmd, err := NewCmd(".", "v3", "") assert.NoError(t, err) From 951b6b1b467b1f1b28af838009d2b78929165c60 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Mon, 31 Jul 2023 16:49:19 -0400 Subject: [PATCH 066/105] feat(deep-links): alias `application` as `apps` for consistency with notifications engine (#14761) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- docs/operator-manual/deep_links.md | 12 ++++++------ server/deeplinks/deeplinks.go | 9 ++++++--- server/deeplinks/deeplinks_test.go | 23 ++++++++++++++++++++--- 3 files changed, 32 insertions(+), 12 deletions(-) diff --git a/docs/operator-manual/deep_links.md b/docs/operator-manual/deep_links.md index df46cced2ae90..c166a1d25d75d 100644 --- a/docs/operator-manual/deep_links.md +++ b/docs/operator-manual/deep_links.md @@ -37,7 +37,7 @@ Each link in the list has five subfields: As mentioned earlier the links and conditions can be templated to use data from the resource, each category of links can access different types of data linked to that resource. Overall we have these 4 resources available for templating in the system: -- `application`: this key is used to access the application resource data. +- `app` or `application`: this key is used to access the application resource data. - `resource`: this key is used to access values for the actual k8s resource. - `cluster`: this key is used to access the related destination cluster data like name, server, namespaces etc. - `project`: this key is used to access the project resource data. @@ -45,7 +45,7 @@ Overall we have these 4 resources available for templating in the system: The above resources are accessible in particular link categories, here's a list of resources available in each category: - `resource.links`: `resource`, `application`, `cluster` and `project` -- `application.links`: `application` and `cluster` +- `application.links`: `app`/`application` and `cluster` - `project.links`: `project` An example `argocd-cm.yaml` file with deep links and their variations : @@ -60,16 +60,16 @@ An example `argocd-cm.yaml` file with deep links and their variations : # sample application level links application.links: | # pkg.go.dev/text/template is used for evaluating url templates - - url: https://mycompany.splunk.com?search={{.application.spec.destination.namespace}}&env={{.project.metadata.labels.env}} + - url: https://mycompany.splunk.com?search={{.app.spec.destination.namespace}}&env={{.project.metadata.labels.env}} title: Splunk # conditionally show link e.g. for specific project # github.com/antonmedv/expr is used for evaluation of conditions - - url: https://mycompany.splunk.com?search={{.application.spec.destination.namespace}} + - url: https://mycompany.splunk.com?search={{.app.spec.destination.namespace}} title: Splunk if: application.spec.project == "default" - - url: https://{{.application.metadata.annotations.splunkhost}}?search={{.application.spec.destination.namespace}} + - url: https://{{.app.metadata.annotations.splunkhost}}?search={{.app.spec.destination.namespace}} title: Splunk - if: application.metadata.annotations.splunkhost != "" + if: app.metadata.annotations.splunkhost != "" # sample resource level links resource.links: | - url: https://mycompany.splunk.com?search={{.resource.metadata.name}}&env={{.project.metadata.labels.env}} diff --git a/server/deeplinks/deeplinks.go b/server/deeplinks/deeplinks.go index 254d7c8a62e08..301d9ad0b2fb0 100644 --- a/server/deeplinks/deeplinks.go +++ b/server/deeplinks/deeplinks.go @@ -7,12 +7,13 @@ import ( "github.com/Masterminds/sprig/v3" "github.com/antonmedv/expr" - "github.com/argoproj/argo-cd/v2/pkg/apiclient/application" - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - "github.com/argoproj/argo-cd/v2/util/settings" "github.com/argoproj/gitops-engine/pkg/utils/kube" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/utils/pointer" + + "github.com/argoproj/argo-cd/v2/pkg/apiclient/application" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/settings" ) var sprigFuncMap = sprig.GenericFuncMap() // a singleton for better performance @@ -27,6 +28,7 @@ func init() { const ( ResourceDeepLinkKey = "resource" AppDeepLinkKey = "application" + AppDeepLinkShortKey = "app" ClusterDeepLinkKey = "cluster" ProjectDeepLinkKey = "project" ) @@ -67,6 +69,7 @@ func CreateDeepLinksObject(resourceObj *unstructured.Unstructured, app *unstruct } if app != nil { deeplinkObj[AppDeepLinkKey] = app.Object + deeplinkObj[AppDeepLinkShortKey] = app.Object } if cluster != nil { deeplinkObj[ClusterDeepLinkKey] = cluster.Object diff --git a/server/deeplinks/deeplinks_test.go b/server/deeplinks/deeplinks_test.go index 51693fb69a5ec..abebe691c29c1 100644 --- a/server/deeplinks/deeplinks_test.go +++ b/server/deeplinks/deeplinks_test.go @@ -5,15 +5,16 @@ import ( "strings" "testing" - "github.com/argoproj/argo-cd/v2/pkg/apiclient/application" - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - "github.com/argoproj/argo-cd/v2/util/settings" "github.com/argoproj/gitops-engine/pkg/utils/kube" "github.com/stretchr/testify/assert" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/utils/pointer" + + "github.com/argoproj/argo-cd/v2/pkg/apiclient/application" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/settings" ) type deepLinkTC struct { @@ -83,6 +84,22 @@ func TestDeepLinks(t *testing.T) { }}, error: []string{}, }, + { + appObj: appObj, + resourceObj: resourceObj, + projectObj: projectObj, + clusterObj: clusterObj, + inputLinks: []settings.DeepLink{{ + Title: "link", + URL: "http://example.com/{{ .app.metadata.name }}&{{ .resource.data.key }}&{{ index .project.spec.sourceRepos 0}}&{{ .cluster.name }}", + Condition: pointer.String(`app.metadata.name == "test" && project.metadata.name == "test-project"`), + }}, + outputLinks: []*application.LinkInfo{{ + Title: pointer.String("link"), + Url: pointer.String("http://example.com/test&value1&test-repo.git&test-cluster"), + }}, + error: []string{}, + }, { appObj: appObj, resourceObj: resourceObj, From 92616e4e0fd433bd18df54854df37a1c3ff6e4fc Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Mon, 31 Jul 2023 19:21:26 -0400 Subject: [PATCH 067/105] fix(ui): no hyphen for "create job" action + nice icon (#14776) (#14777) * chore(actions): space instead of hyphen in action name (#14776) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * new field for backwards-compatibility Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * align icons for maximum synergy Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * delete unused function Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * revert unnecessary changes Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Update docs/operator-manual/upgrading/2.7-2.8.md Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- assets/swagger.json | 6 + pkg/apis/application/v1alpha1/generated.pb.go | 1397 +++++++++-------- pkg/apis/application/v1alpha1/generated.proto | 4 + .../application/v1alpha1/openapi_generated.go | 12 + pkg/apis/application/v1alpha1/types.go | 11 +- .../CronWorkflow/actions/discovery.lua | 5 +- .../WorkflowTemplate/actions/discovery.lua | 5 +- .../batch/CronJob/actions/discovery.lua | 5 +- ui/src/app/applications/components/utils.tsx | 15 +- ui/src/app/shared/models.ts | 2 + 10 files changed, 791 insertions(+), 671 deletions(-) diff --git a/assets/swagger.json b/assets/swagger.json index 38d98c3460b35..1c724f649504d 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -8036,6 +8036,12 @@ "disabled": { "type": "boolean" }, + "displayName": { + "type": "string" + }, + "iconClass": { + "type": "string" + }, "name": { "type": "string" }, diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index 9e9ffa0023d55..8a788c206b4f9 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -4300,668 +4300,671 @@ func init() { } var fileDescriptor_030104ce3b95bcac = []byte{ - // 10576 bytes of a gzipped FileDescriptorProto + // 10611 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x25, 0xd9, 0x75, 0x90, 0xfb, 0x7d, 0x48, 0xef, 0x1d, 0x69, 0x3e, 0x74, 0x67, 0x66, 0x57, 0x3b, 0xde, 0x5d, 0x4d, 0x7a, 0x2b, 0xeb, 0x35, 0xde, 0x95, 0xb2, 0xe3, 0x5d, 0xb3, 0x64, 0x13, 0x3b, 0x7a, 0xd2, 0x8c, 0x46, 0x33, 0xd2, 0x48, 0x7b, 0xa5, 0x99, 0xb1, 0xd7, 0x59, 0xaf, 0x5b, 0xfd, 0xae, 0x9e, - 0x7a, 0xd4, 0xaf, 0xfb, 0x6d, 0x77, 0x3f, 0x8d, 0xb4, 0xb1, 0x1d, 0x3b, 0xce, 0x87, 0xc1, 0x9f, - 0xd8, 0x50, 0x71, 0x00, 0x07, 0x27, 0x0e, 0x14, 0x29, 0xd8, 0x22, 0xc0, 0x0f, 0x02, 0x81, 0x4a, - 0x25, 0xf0, 0xc3, 0x94, 0xa1, 0x48, 0x51, 0xa9, 0x38, 0x90, 0x44, 0xd8, 0xa2, 0x28, 0x28, 0xaa, - 0x48, 0x55, 0x80, 0x1f, 0x30, 0x50, 0x40, 0xdd, 0xef, 0xdb, 0xfd, 0xfa, 0x8d, 0x9e, 0xa4, 0xd6, + 0x7a, 0xd4, 0xaf, 0xbb, 0xb7, 0xbb, 0x9f, 0x46, 0xda, 0xd8, 0x8e, 0x1d, 0xe7, 0xc3, 0xe0, 0x4f, + 0x6c, 0xa8, 0x38, 0x80, 0x83, 0x13, 0x07, 0x8a, 0x14, 0x6c, 0x11, 0xe0, 0x07, 0x81, 0x40, 0xa5, + 0x92, 0xf0, 0xc3, 0x94, 0xa1, 0x48, 0x51, 0xa9, 0x38, 0x40, 0x22, 0x6c, 0x51, 0x14, 0x14, 0x55, + 0xa4, 0x2a, 0xc0, 0x0f, 0x18, 0x28, 0xa0, 0xee, 0xf7, 0xed, 0x7e, 0xef, 0x8d, 0x9e, 0xa4, 0xd6, 0xcc, 0xd8, 0xd9, 0x7f, 0xef, 0xdd, 0x73, 0xfa, 0x9c, 0xd3, 0xb7, 0xef, 0x3d, 0xf7, 0xdc, 0x73, - 0xcf, 0x39, 0x17, 0x16, 0x5a, 0x5e, 0xb2, 0xd1, 0x5d, 0x9b, 0x74, 0xc3, 0xf6, 0x94, 0x13, 0xb5, - 0xc2, 0x4e, 0x14, 0xde, 0x66, 0x3f, 0x9e, 0x73, 0x9b, 0x53, 0x5b, 0x17, 0xa7, 0x3a, 0x9b, 0xad, - 0x29, 0xa7, 0xe3, 0xc5, 0x53, 0x4e, 0xa7, 0xe3, 0x7b, 0xae, 0x93, 0x78, 0x61, 0x30, 0xb5, 0xf5, - 0xbc, 0xe3, 0x77, 0x36, 0x9c, 0xe7, 0xa7, 0x5a, 0x24, 0x20, 0x91, 0x93, 0x90, 0xe6, 0x64, 0x27, - 0x0a, 0x93, 0x10, 0xfd, 0x88, 0xa6, 0x36, 0x29, 0xa9, 0xb1, 0x1f, 0xaf, 0xbb, 0xcd, 0xc9, 0xad, - 0x8b, 0x93, 0x9d, 0xcd, 0xd6, 0x24, 0xa5, 0x36, 0x69, 0x50, 0x9b, 0x94, 0xd4, 0xce, 0x3f, 0x67, - 0xc8, 0xd2, 0x0a, 0x5b, 0xe1, 0x14, 0x23, 0xba, 0xd6, 0x5d, 0x67, 0xff, 0xd8, 0x1f, 0xf6, 0x8b, - 0x33, 0x3b, 0x6f, 0x6f, 0xbe, 0x14, 0x4f, 0x7a, 0x21, 0x15, 0x6f, 0xca, 0x0d, 0x23, 0x32, 0xb5, - 0xd5, 0x23, 0xd0, 0xf9, 0x2b, 0x1a, 0x87, 0x6c, 0x27, 0x24, 0x88, 0xbd, 0x30, 0x88, 0x9f, 0xa3, - 0x22, 0x90, 0x68, 0x8b, 0x44, 0xe6, 0xeb, 0x19, 0x08, 0x79, 0x94, 0x5e, 0xd0, 0x94, 0xda, 0x8e, - 0xbb, 0xe1, 0x05, 0x24, 0xda, 0xd1, 0x8f, 0xb7, 0x49, 0xe2, 0xe4, 0x3d, 0x35, 0xd5, 0xef, 0xa9, - 0xa8, 0x1b, 0x24, 0x5e, 0x9b, 0xf4, 0x3c, 0xf0, 0xbe, 0xfd, 0x1e, 0x88, 0xdd, 0x0d, 0xd2, 0x76, - 0x7a, 0x9e, 0x7b, 0x6f, 0xbf, 0xe7, 0xba, 0x89, 0xe7, 0x4f, 0x79, 0x41, 0x12, 0x27, 0x51, 0xf6, - 0x21, 0xfb, 0x0d, 0x38, 0x31, 0x7d, 0x6b, 0x65, 0xba, 0x9b, 0x6c, 0xcc, 0x84, 0xc1, 0xba, 0xd7, - 0x42, 0x2f, 0xc2, 0x88, 0xeb, 0x77, 0xe3, 0x84, 0x44, 0xd7, 0x9d, 0x36, 0x19, 0xb7, 0x2e, 0x58, - 0xcf, 0xd4, 0x1b, 0x67, 0xbe, 0xb9, 0x3b, 0xf1, 0x8e, 0xbd, 0xdd, 0x89, 0x91, 0x19, 0x0d, 0xc2, - 0x26, 0x1e, 0x7a, 0x37, 0x0c, 0x47, 0xa1, 0x4f, 0xa6, 0xf1, 0xf5, 0xf1, 0x12, 0x7b, 0xe4, 0x94, - 0x78, 0x64, 0x18, 0xf3, 0x66, 0x2c, 0xe1, 0xf6, 0xef, 0x95, 0x00, 0xa6, 0x3b, 0x9d, 0xe5, 0x28, - 0xbc, 0x4d, 0xdc, 0x04, 0x7d, 0x14, 0x6a, 0xb4, 0xeb, 0x9a, 0x4e, 0xe2, 0x30, 0x6e, 0x23, 0x17, - 0x7f, 0x68, 0x92, 0xbf, 0xc9, 0xa4, 0xf9, 0x26, 0x7a, 0xe0, 0x50, 0xec, 0xc9, 0xad, 0xe7, 0x27, - 0x97, 0xd6, 0xe8, 0xf3, 0x8b, 0x24, 0x71, 0x1a, 0x48, 0x30, 0x03, 0xdd, 0x86, 0x15, 0x55, 0x14, - 0x40, 0x25, 0xee, 0x10, 0x97, 0x09, 0x36, 0x72, 0x71, 0x61, 0xf2, 0x28, 0x23, 0x74, 0x52, 0x4b, - 0xbe, 0xd2, 0x21, 0x6e, 0x63, 0x54, 0x70, 0xae, 0xd0, 0x7f, 0x98, 0xf1, 0x41, 0x5b, 0x30, 0x14, - 0x27, 0x4e, 0xd2, 0x8d, 0xc7, 0xcb, 0x8c, 0xe3, 0xf5, 0xc2, 0x38, 0x32, 0xaa, 0x8d, 0x93, 0x82, - 0xe7, 0x10, 0xff, 0x8f, 0x05, 0x37, 0xfb, 0x8f, 0x2c, 0x38, 0xa9, 0x91, 0x17, 0xbc, 0x38, 0x41, - 0x3f, 0xde, 0xd3, 0xb9, 0x93, 0x83, 0x75, 0x2e, 0x7d, 0x9a, 0x75, 0xed, 0x69, 0xc1, 0xac, 0x26, - 0x5b, 0x8c, 0x8e, 0x6d, 0x43, 0xd5, 0x4b, 0x48, 0x3b, 0x1e, 0x2f, 0x5d, 0x28, 0x3f, 0x33, 0x72, - 0xf1, 0x4a, 0x51, 0xef, 0xd9, 0x38, 0x21, 0x98, 0x56, 0xe7, 0x29, 0x79, 0xcc, 0xb9, 0xd8, 0xbf, - 0x3a, 0x6a, 0xbe, 0x1f, 0xed, 0x70, 0xf4, 0x3c, 0x8c, 0xc4, 0x61, 0x37, 0x72, 0x09, 0x26, 0x9d, - 0x30, 0x1e, 0xb7, 0x2e, 0x94, 0xe9, 0xd0, 0xa3, 0x23, 0x75, 0x45, 0x37, 0x63, 0x13, 0x07, 0x7d, - 0xc1, 0x82, 0xd1, 0x26, 0x89, 0x13, 0x2f, 0x60, 0xfc, 0xa5, 0xf0, 0xab, 0x47, 0x16, 0x5e, 0x36, - 0xce, 0x6a, 0xe2, 0x8d, 0xb3, 0xe2, 0x45, 0x46, 0x8d, 0xc6, 0x18, 0xa7, 0xf8, 0xd3, 0x19, 0xd7, - 0x24, 0xb1, 0x1b, 0x79, 0x1d, 0xfa, 0x9f, 0x8d, 0x19, 0x63, 0xc6, 0xcd, 0x6a, 0x10, 0x36, 0xf1, - 0x50, 0x00, 0x55, 0x3a, 0xa3, 0xe2, 0xf1, 0x0a, 0x93, 0x7f, 0xfe, 0x68, 0xf2, 0x8b, 0x4e, 0xa5, - 0x93, 0x55, 0xf7, 0x3e, 0xfd, 0x17, 0x63, 0xce, 0x06, 0x7d, 0xde, 0x82, 0x71, 0x31, 0xe3, 0x31, - 0xe1, 0x1d, 0x7a, 0x6b, 0xc3, 0x4b, 0x88, 0xef, 0xc5, 0xc9, 0x78, 0x95, 0xc9, 0x30, 0x35, 0xd8, - 0xd8, 0x9a, 0x8b, 0xc2, 0x6e, 0xe7, 0x9a, 0x17, 0x34, 0x1b, 0x17, 0x04, 0xa7, 0xf1, 0x99, 0x3e, - 0x84, 0x71, 0x5f, 0x96, 0xe8, 0x2b, 0x16, 0x9c, 0x0f, 0x9c, 0x36, 0x89, 0x3b, 0x0e, 0xfd, 0xb4, - 0x1c, 0xdc, 0xf0, 0x1d, 0x77, 0x93, 0x49, 0x34, 0x74, 0x38, 0x89, 0x6c, 0x21, 0xd1, 0xf9, 0xeb, - 0x7d, 0x49, 0xe3, 0x7b, 0xb0, 0x45, 0xdf, 0xb0, 0x60, 0x2c, 0x8c, 0x3a, 0x1b, 0x4e, 0x40, 0x9a, - 0x12, 0x1a, 0x8f, 0x0f, 0xb3, 0xa9, 0xf7, 0x91, 0xa3, 0x7d, 0xa2, 0xa5, 0x2c, 0xd9, 0xc5, 0x30, - 0xf0, 0x92, 0x30, 0x5a, 0x21, 0x49, 0xe2, 0x05, 0xad, 0xb8, 0x71, 0x6e, 0x6f, 0x77, 0x62, 0xac, - 0x07, 0x0b, 0xf7, 0xca, 0x83, 0x7e, 0x02, 0x46, 0xe2, 0x9d, 0xc0, 0xbd, 0xe5, 0x05, 0xcd, 0xf0, - 0x4e, 0x3c, 0x5e, 0x2b, 0x62, 0xfa, 0xae, 0x28, 0x82, 0x62, 0x02, 0x6a, 0x06, 0xd8, 0xe4, 0x96, - 0xff, 0xe1, 0xf4, 0x50, 0xaa, 0x17, 0xfd, 0xe1, 0xf4, 0x60, 0xba, 0x07, 0x5b, 0xf4, 0x73, 0x16, - 0x9c, 0x88, 0xbd, 0x56, 0xe0, 0x24, 0xdd, 0x88, 0x5c, 0x23, 0x3b, 0xf1, 0x38, 0x30, 0x41, 0xae, - 0x1e, 0xb1, 0x57, 0x0c, 0x92, 0x8d, 0x73, 0x42, 0xc6, 0x13, 0x66, 0x6b, 0x8c, 0xd3, 0x7c, 0xf3, - 0x26, 0x9a, 0x1e, 0xd6, 0x23, 0xc5, 0x4e, 0x34, 0x3d, 0xa8, 0xfb, 0xb2, 0x44, 0x3f, 0x06, 0xa7, - 0x79, 0x93, 0xea, 0xd9, 0x78, 0x7c, 0x94, 0x29, 0xda, 0xb3, 0x7b, 0xbb, 0x13, 0xa7, 0x57, 0x32, - 0x30, 0xdc, 0x83, 0x8d, 0xde, 0x80, 0x89, 0x0e, 0x89, 0xda, 0x5e, 0xb2, 0x14, 0xf8, 0x3b, 0x52, - 0x7d, 0xbb, 0x61, 0x87, 0x34, 0x85, 0x38, 0xf1, 0xf8, 0x89, 0x0b, 0xd6, 0x33, 0xb5, 0xc6, 0xbb, - 0x84, 0x98, 0x13, 0xcb, 0xf7, 0x46, 0xc7, 0xfb, 0xd1, 0xb3, 0xff, 0x45, 0x09, 0x4e, 0x67, 0x17, - 0x4e, 0xf4, 0x37, 0x2d, 0x38, 0x75, 0xfb, 0x4e, 0xb2, 0x1a, 0x6e, 0x92, 0x20, 0x6e, 0xec, 0x50, - 0xf5, 0xc6, 0x96, 0x8c, 0x91, 0x8b, 0x6e, 0xb1, 0x4b, 0xf4, 0xe4, 0xd5, 0x34, 0x97, 0x4b, 0x41, - 0x12, 0xed, 0x34, 0x1e, 0x15, 0x6f, 0x77, 0xea, 0xea, 0xad, 0x55, 0x13, 0x8a, 0xb3, 0x42, 0x9d, - 0xff, 0xac, 0x05, 0x67, 0xf3, 0x48, 0xa0, 0xd3, 0x50, 0xde, 0x24, 0x3b, 0xdc, 0x2a, 0xc3, 0xf4, - 0x27, 0x7a, 0x0d, 0xaa, 0x5b, 0x8e, 0xdf, 0x25, 0xc2, 0xba, 0x99, 0x3b, 0xda, 0x8b, 0x28, 0xc9, - 0x30, 0xa7, 0xfa, 0xc3, 0xa5, 0x97, 0x2c, 0xfb, 0x5f, 0x97, 0x61, 0xc4, 0x58, 0xdf, 0xee, 0x83, - 0xc5, 0x16, 0xa6, 0x2c, 0xb6, 0xc5, 0xc2, 0x96, 0xe6, 0xbe, 0x26, 0xdb, 0x9d, 0x8c, 0xc9, 0xb6, - 0x54, 0x1c, 0xcb, 0x7b, 0xda, 0x6c, 0x28, 0x81, 0x7a, 0xd8, 0xa1, 0x16, 0x39, 0x5d, 0xfa, 0x2b, - 0x45, 0x7c, 0xc2, 0x25, 0x49, 0xae, 0x71, 0x62, 0x6f, 0x77, 0xa2, 0xae, 0xfe, 0x62, 0xcd, 0xc8, - 0xfe, 0xb6, 0x05, 0x67, 0x0d, 0x19, 0x67, 0xc2, 0xa0, 0xe9, 0xb1, 0x4f, 0x7b, 0x01, 0x2a, 0xc9, - 0x4e, 0x47, 0x9a, 0xfd, 0xaa, 0xa7, 0x56, 0x77, 0x3a, 0x04, 0x33, 0x08, 0x35, 0xf4, 0xdb, 0x24, - 0x8e, 0x9d, 0x16, 0xc9, 0x1a, 0xfa, 0x8b, 0xbc, 0x19, 0x4b, 0x38, 0x8a, 0x00, 0xf9, 0x4e, 0x9c, - 0xac, 0x46, 0x4e, 0x10, 0x33, 0xf2, 0xab, 0x5e, 0x9b, 0x88, 0x0e, 0xfe, 0x33, 0x83, 0x8d, 0x18, - 0xfa, 0x44, 0xe3, 0x91, 0xbd, 0xdd, 0x09, 0xb4, 0xd0, 0x43, 0x09, 0xe7, 0x50, 0xb7, 0xbf, 0x62, - 0xc1, 0x23, 0xf9, 0xb6, 0x18, 0x7a, 0x1a, 0x86, 0xf8, 0x96, 0x4f, 0xbc, 0x9d, 0xfe, 0x24, 0xac, - 0x15, 0x0b, 0x28, 0x9a, 0x82, 0xba, 0x5a, 0x27, 0xc4, 0x3b, 0x8e, 0x09, 0xd4, 0xba, 0x5e, 0x5c, - 0x34, 0x0e, 0xed, 0x34, 0xfa, 0x47, 0x58, 0x6e, 0xaa, 0xd3, 0xd8, 0x26, 0x89, 0x41, 0xec, 0x7f, - 0x6f, 0xc1, 0x29, 0x43, 0xaa, 0xfb, 0x60, 0x9a, 0x07, 0x69, 0xd3, 0x7c, 0xbe, 0xb0, 0xf1, 0xdc, - 0xc7, 0x36, 0xff, 0xbc, 0x05, 0xe7, 0x0d, 0xac, 0x45, 0x27, 0x71, 0x37, 0x2e, 0x6d, 0x77, 0x22, - 0x12, 0xd3, 0xed, 0x34, 0x7a, 0xc2, 0xd0, 0x5b, 0x8d, 0x11, 0x41, 0xa1, 0x7c, 0x8d, 0xec, 0x70, - 0x25, 0xf6, 0x2c, 0xd4, 0xf8, 0xe0, 0x0c, 0x23, 0xd1, 0xe3, 0xea, 0xdd, 0x96, 0x44, 0x3b, 0x56, - 0x18, 0xc8, 0x86, 0x21, 0xa6, 0x9c, 0xe8, 0x64, 0xa5, 0xcb, 0x10, 0xd0, 0x8f, 0x78, 0x93, 0xb5, - 0x60, 0x01, 0xb1, 0x97, 0x52, 0xe2, 0x2c, 0x47, 0x84, 0x7d, 0xdc, 0xe6, 0x65, 0x8f, 0xf8, 0xcd, - 0x98, 0x6e, 0x1b, 0x9c, 0x20, 0x08, 0x13, 0xb1, 0x03, 0x30, 0xb6, 0x0d, 0xd3, 0xba, 0x19, 0x9b, - 0x38, 0xf6, 0x5e, 0x89, 0x6d, 0x3e, 0xd4, 0xb4, 0x26, 0xf7, 0x63, 0xe7, 0x1a, 0xa5, 0xf4, 0xe0, - 0x72, 0x71, 0x4a, 0x89, 0xf4, 0xdf, 0xbd, 0xbe, 0x99, 0x51, 0x85, 0xb8, 0x50, 0xae, 0xf7, 0xde, - 0xc1, 0xfe, 0x56, 0x09, 0x26, 0xd2, 0x0f, 0xf4, 0x68, 0x52, 0xba, 0x5d, 0x32, 0x18, 0x65, 0x1d, - 0x14, 0x06, 0x3e, 0x36, 0xf1, 0xfa, 0x28, 0xa3, 0xd2, 0x71, 0x2a, 0x23, 0x53, 0x57, 0x96, 0xf7, - 0xd1, 0x95, 0x4f, 0xab, 0x5e, 0xaf, 0x64, 0x94, 0x53, 0x7a, 0xbd, 0xb8, 0x00, 0x95, 0x38, 0x21, - 0x9d, 0xf1, 0x6a, 0x5a, 0xd7, 0xac, 0x24, 0xa4, 0x83, 0x19, 0xc4, 0xfe, 0x2f, 0x25, 0x78, 0x34, - 0xdd, 0x87, 0x5a, 0xbd, 0x7f, 0x20, 0xa5, 0xde, 0xdf, 0x63, 0xaa, 0xf7, 0xbb, 0xbb, 0x13, 0xef, - 0xec, 0xf3, 0xd8, 0xf7, 0x8c, 0xf6, 0x47, 0x73, 0x99, 0x5e, 0x9c, 0x4a, 0xf7, 0xe2, 0xdd, 0xdd, - 0x89, 0x27, 0xfa, 0xbc, 0x63, 0xa6, 0x9b, 0x9f, 0x86, 0xa1, 0x88, 0x38, 0x71, 0x18, 0x88, 0x8e, - 0x56, 0x9f, 0x03, 0xb3, 0x56, 0x2c, 0xa0, 0xf6, 0xbf, 0xa9, 0x67, 0x3b, 0x7b, 0x8e, 0x3b, 0xd8, - 0xc2, 0x08, 0x79, 0x50, 0x61, 0x26, 0x3b, 0x57, 0x0d, 0xd7, 0x8e, 0x36, 0x8d, 0xa8, 0x8a, 0x57, - 0xa4, 0x1b, 0x35, 0xfa, 0xd5, 0x68, 0x13, 0x66, 0x2c, 0xd0, 0x36, 0xd4, 0x5c, 0x69, 0x49, 0x97, - 0x8a, 0xf0, 0x39, 0x09, 0x3b, 0x5a, 0x73, 0x1c, 0xa5, 0xba, 0x58, 0x99, 0xdf, 0x8a, 0x1b, 0x22, - 0x50, 0x6e, 0x79, 0x89, 0xf8, 0xac, 0x47, 0xdc, 0x2b, 0xcd, 0x79, 0xc6, 0x2b, 0x0e, 0xd3, 0x05, - 0x62, 0xce, 0x4b, 0x30, 0xa5, 0x8f, 0x7e, 0xc6, 0x82, 0x91, 0xd8, 0x6d, 0x2f, 0x47, 0xe1, 0x96, - 0xd7, 0x24, 0x91, 0xb0, 0x94, 0x8e, 0xa8, 0x9a, 0x56, 0x66, 0x16, 0x25, 0x41, 0xcd, 0x97, 0xef, - 0x5d, 0x35, 0x04, 0x9b, 0x7c, 0xe9, 0x0e, 0xe2, 0x51, 0xf1, 0xee, 0xb3, 0xc4, 0xf5, 0xe8, 0xda, - 0x26, 0x37, 0x4c, 0x6c, 0xa4, 0x1c, 0xd9, 0x72, 0x9c, 0xed, 0xba, 0x9b, 0x74, 0xbe, 0x69, 0x81, - 0xde, 0xb9, 0xb7, 0x3b, 0xf1, 0xe8, 0x4c, 0x3e, 0x4f, 0xdc, 0x4f, 0x18, 0xd6, 0x61, 0x9d, 0xae, - 0xef, 0x63, 0xf2, 0x46, 0x97, 0x30, 0x77, 0x48, 0x01, 0x1d, 0xb6, 0xac, 0x09, 0x66, 0x3a, 0xcc, - 0x80, 0x60, 0x93, 0x2f, 0x7a, 0x03, 0x86, 0xda, 0x4e, 0x12, 0x79, 0xdb, 0xc2, 0x07, 0x72, 0x44, - 0x5b, 0x7e, 0x91, 0xd1, 0xd2, 0xcc, 0xd9, 0xd2, 0xcf, 0x1b, 0xb1, 0x60, 0x84, 0xda, 0x50, 0x6d, - 0x93, 0xa8, 0x45, 0xc6, 0x6b, 0x45, 0xf8, 0x7b, 0x17, 0x29, 0x29, 0xcd, 0xb0, 0x4e, 0x2d, 0x1f, - 0xd6, 0x86, 0x39, 0x17, 0xf4, 0x1a, 0xd4, 0x62, 0xe2, 0x13, 0x97, 0xda, 0x2e, 0x75, 0xc6, 0xf1, - 0xbd, 0x03, 0xda, 0x71, 0xce, 0x1a, 0xf1, 0x57, 0xc4, 0xa3, 0x7c, 0x82, 0xc9, 0x7f, 0x58, 0x91, - 0xa4, 0x1d, 0xd8, 0xf1, 0xbb, 0x2d, 0x2f, 0x18, 0x87, 0x22, 0x3a, 0x70, 0x99, 0xd1, 0xca, 0x74, - 0x20, 0x6f, 0xc4, 0x82, 0x91, 0xfd, 0x1f, 0x2d, 0x40, 0x69, 0xa5, 0x76, 0x1f, 0x0c, 0xd6, 0x37, - 0xd2, 0x06, 0xeb, 0x42, 0x91, 0x56, 0x47, 0x1f, 0x9b, 0xf5, 0x37, 0xea, 0x90, 0x59, 0x0e, 0xae, - 0x93, 0x38, 0x21, 0xcd, 0xb7, 0x55, 0xf8, 0xdb, 0x2a, 0xfc, 0x6d, 0x15, 0xae, 0x54, 0xf8, 0x5a, - 0x46, 0x85, 0xbf, 0xdf, 0x98, 0xf5, 0xfa, 0xc0, 0xf4, 0x75, 0x75, 0xa2, 0x6a, 0x4a, 0x60, 0x20, - 0x50, 0x4d, 0x70, 0x75, 0x65, 0xe9, 0x7a, 0xae, 0xce, 0x7e, 0x3d, 0xad, 0xb3, 0x8f, 0xca, 0xe2, - 0x4f, 0x83, 0x96, 0xfe, 0xab, 0x25, 0x78, 0x2c, 0xad, 0xbd, 0x70, 0xe8, 0xfb, 0x61, 0x37, 0xa1, - 0x7b, 0x01, 0xf4, 0x8b, 0x16, 0x9c, 0x6e, 0xa7, 0x37, 0xe1, 0xb1, 0xf0, 0x75, 0x7e, 0xb0, 0x30, - 0xd5, 0x9a, 0xd9, 0xe5, 0x37, 0xc6, 0x85, 0x9a, 0x3d, 0x9d, 0x01, 0xc4, 0xb8, 0x47, 0x16, 0xf4, - 0x1a, 0xd4, 0xdb, 0xce, 0xf6, 0x8d, 0x4e, 0xd3, 0x49, 0xe4, 0x36, 0xac, 0xff, 0xee, 0xb9, 0x9b, - 0x78, 0xfe, 0x24, 0x3f, 0xc1, 0x9e, 0x9c, 0x0f, 0x92, 0xa5, 0x68, 0x25, 0x89, 0xbc, 0xa0, 0xc5, - 0x3d, 0x5c, 0x8b, 0x92, 0x0c, 0xd6, 0x14, 0xed, 0xaf, 0x59, 0x59, 0xdd, 0xae, 0x7a, 0x27, 0x72, - 0x12, 0xd2, 0xda, 0x41, 0x1f, 0x83, 0x2a, 0xdd, 0x2f, 0xc9, 0x5e, 0xb9, 0x55, 0xe4, 0x82, 0x63, - 0x7c, 0x09, 0xbd, 0xf6, 0xd0, 0x7f, 0x31, 0xe6, 0x4c, 0xed, 0xaf, 0x0c, 0x67, 0xd7, 0x58, 0x76, - 0x9e, 0x79, 0x11, 0xa0, 0x15, 0xae, 0x92, 0x76, 0xc7, 0xa7, 0xdd, 0x62, 0x31, 0xa7, 0xb8, 0x72, - 0x11, 0xcc, 0x29, 0x08, 0x36, 0xb0, 0xd0, 0x9f, 0xb7, 0x00, 0x5a, 0x72, 0xa8, 0xc8, 0xf5, 0xf3, - 0x46, 0x91, 0xaf, 0xa3, 0x07, 0xa2, 0x96, 0x45, 0x31, 0xc4, 0x06, 0x73, 0xf4, 0x53, 0x16, 0xd4, - 0x12, 0x29, 0x3e, 0x5f, 0x51, 0x56, 0x8b, 0x94, 0x44, 0xbe, 0xb4, 0x36, 0x25, 0x54, 0x97, 0x28, - 0xbe, 0xe8, 0x67, 0x2d, 0x80, 0x78, 0x27, 0x70, 0x97, 0x43, 0xdf, 0x73, 0x77, 0xc4, 0x42, 0x73, - 0xb3, 0x50, 0x37, 0x86, 0xa2, 0xde, 0x38, 0x49, 0x7b, 0x43, 0xff, 0xc7, 0x06, 0x67, 0xf4, 0x09, - 0xa8, 0xc5, 0x62, 0xb8, 0x89, 0xa5, 0x65, 0xb5, 0x58, 0x67, 0x0a, 0xa7, 0x2d, 0xb4, 0x92, 0xf8, - 0x87, 0x15, 0x4f, 0xf4, 0xf3, 0x16, 0x9c, 0xea, 0xa4, 0x5d, 0x5f, 0x62, 0x15, 0x29, 0x4e, 0x07, - 0x64, 0x5c, 0x6b, 0x8d, 0x33, 0x7b, 0xbb, 0x13, 0xa7, 0x32, 0x8d, 0x38, 0x2b, 0x05, 0x9a, 0x81, - 0x31, 0x3d, 0x82, 0x97, 0x3a, 0xdc, 0x0d, 0x37, 0xcc, 0xdc, 0x70, 0xec, 0x14, 0x73, 0x2e, 0x0b, - 0xc4, 0xbd, 0xf8, 0x68, 0x19, 0xce, 0x52, 0xe9, 0x76, 0xb8, 0xd5, 0x26, 0xb5, 0x72, 0xcc, 0xd6, - 0x90, 0x5a, 0xe3, 0x71, 0x31, 0x42, 0x98, 0xa3, 0x3b, 0x8b, 0x83, 0x73, 0x9f, 0xb4, 0xbf, 0x55, - 0x4a, 0xf9, 0xc5, 0x95, 0xc3, 0x8a, 0xcd, 0x31, 0x57, 0xfa, 0x0a, 0xa4, 0xca, 0x28, 0x74, 0x8e, - 0x29, 0x4f, 0x84, 0x9e, 0x63, 0xaa, 0x29, 0xc6, 0x06, 0x73, 0x6a, 0xc0, 0x8c, 0x39, 0x59, 0xb7, - 0x98, 0x98, 0xf6, 0xaf, 0x15, 0x29, 0x52, 0xef, 0x29, 0xc6, 0x63, 0x42, 0xb4, 0xb1, 0x1e, 0x10, - 0xee, 0x15, 0xc9, 0xfe, 0x56, 0xda, 0x17, 0x6f, 0x8c, 0xd8, 0x01, 0xce, 0x19, 0xbe, 0x60, 0xc1, - 0x48, 0x14, 0xfa, 0xbe, 0x17, 0xb4, 0xe8, 0xec, 0x12, 0x4b, 0xc4, 0x87, 0x8f, 0x45, 0x4b, 0x8b, - 0x69, 0xc4, 0xcc, 0x20, 0xac, 0x79, 0x62, 0x53, 0x00, 0xfb, 0x8f, 0x2c, 0x18, 0xef, 0xa7, 0x05, - 0x10, 0x81, 0x77, 0xca, 0x21, 0xae, 0x4e, 0xd9, 0x97, 0x82, 0x59, 0xe2, 0x13, 0xe5, 0xa4, 0xac, - 0x35, 0x9e, 0x12, 0xaf, 0xf9, 0xce, 0xe5, 0xfe, 0xa8, 0xf8, 0x5e, 0x74, 0xd0, 0xab, 0x70, 0xda, - 0x78, 0xaf, 0x58, 0x75, 0x4c, 0xbd, 0x31, 0x49, 0x97, 0xdd, 0xe9, 0x0c, 0xec, 0xee, 0xee, 0xc4, - 0x23, 0xd9, 0x36, 0xa1, 0xa6, 0x7a, 0xe8, 0xd8, 0xbf, 0x52, 0xca, 0x7e, 0x2d, 0xb5, 0xc2, 0x7c, - 0xd5, 0xea, 0xd9, 0xfa, 0x7d, 0xf0, 0x38, 0xb4, 0x3a, 0xdb, 0x24, 0xaa, 0x83, 0xfc, 0xfe, 0x38, - 0x0f, 0xf0, 0xa4, 0xd0, 0xfe, 0x97, 0x15, 0xb8, 0x87, 0x64, 0xea, 0x2c, 0xc8, 0xea, 0x77, 0x16, - 0x74, 0xf0, 0xe3, 0xa5, 0xcf, 0x59, 0x30, 0xe4, 0x53, 0x2b, 0x94, 0x9f, 0x77, 0x8c, 0x5c, 0x6c, - 0x1e, 0x57, 0xdf, 0x73, 0x63, 0x37, 0xe6, 0xa7, 0xd5, 0xca, 0xe5, 0xc9, 0x1b, 0xb1, 0x90, 0x01, - 0x7d, 0xdd, 0x4a, 0x1f, 0x9e, 0xf0, 0xf0, 0x23, 0xef, 0xd8, 0x64, 0x32, 0x4e, 0x64, 0xb8, 0x60, - 0xda, 0xd7, 0xdf, 0xe7, 0xac, 0x06, 0x4d, 0x02, 0xac, 0x7b, 0x81, 0xe3, 0x7b, 0x6f, 0xd2, 0xdd, - 0x74, 0x95, 0x2d, 0x2b, 0x6c, 0x9d, 0xbe, 0xac, 0x5a, 0xb1, 0x81, 0x71, 0xfe, 0xcf, 0xc1, 0x88, - 0xf1, 0xe6, 0x39, 0x87, 0xec, 0x67, 0xcd, 0x43, 0xf6, 0xba, 0x71, 0x36, 0x7e, 0xfe, 0xfd, 0x70, - 0x3a, 0x2b, 0xe0, 0x41, 0x9e, 0xb7, 0xff, 0xe7, 0x70, 0xf6, 0xc4, 0x63, 0x95, 0x44, 0x6d, 0x2a, - 0xda, 0xdb, 0x5e, 0x88, 0xb7, 0xbd, 0x10, 0x6f, 0x7b, 0x21, 0x4c, 0x47, 0xb2, 0xd8, 0x61, 0x0f, - 0xdf, 0xa7, 0x1d, 0x76, 0xca, 0x67, 0x50, 0x2b, 0xdc, 0x67, 0x60, 0xef, 0x55, 0x21, 0x65, 0x47, - 0xf1, 0xfe, 0x7e, 0x37, 0x0c, 0x47, 0xa4, 0x13, 0xde, 0xc0, 0x0b, 0x62, 0x0d, 0xd1, 0x81, 0xd4, - 0xbc, 0x19, 0x4b, 0x38, 0x5d, 0x6b, 0x3a, 0x4e, 0xb2, 0x21, 0x16, 0x11, 0xb5, 0xd6, 0x2c, 0x3b, - 0xc9, 0x06, 0x66, 0x10, 0xf4, 0x7e, 0x38, 0x99, 0x38, 0x51, 0x8b, 0x24, 0x98, 0x6c, 0xb1, 0xcf, - 0x2a, 0xce, 0xc5, 0x1e, 0x11, 0xb8, 0x27, 0x57, 0x53, 0x50, 0x9c, 0xc1, 0x46, 0x6f, 0x40, 0x65, - 0x83, 0xf8, 0x6d, 0xd1, 0xe5, 0x2b, 0xc5, 0xe9, 0x78, 0xf6, 0xae, 0x57, 0x88, 0xdf, 0xe6, 0x1a, - 0x88, 0xfe, 0xc2, 0x8c, 0x15, 0x1d, 0x6f, 0xf5, 0xcd, 0x6e, 0x9c, 0x84, 0x6d, 0xef, 0x4d, 0xe9, - 0x0e, 0xfa, 0x60, 0xc1, 0x8c, 0xaf, 0x49, 0xfa, 0xdc, 0x81, 0xa0, 0xfe, 0x62, 0xcd, 0x99, 0xc9, - 0xd1, 0xf4, 0x22, 0xf6, 0xa9, 0x76, 0x84, 0x57, 0xa7, 0x68, 0x39, 0x66, 0x25, 0x7d, 0x2e, 0x87, - 0xfa, 0x8b, 0x35, 0x67, 0xb4, 0xa3, 0xc6, 0xfd, 0x08, 0x93, 0xe1, 0x46, 0xc1, 0x32, 0xf0, 0x31, - 0x9f, 0x3b, 0xfe, 0x9f, 0x82, 0xaa, 0xbb, 0xe1, 0x44, 0xc9, 0xf8, 0x28, 0x1b, 0x34, 0xca, 0x91, - 0x31, 0x43, 0x1b, 0x31, 0x87, 0xa1, 0x27, 0xa0, 0x1c, 0x91, 0x75, 0x16, 0xbf, 0x67, 0x44, 0x76, - 0x60, 0xb2, 0x8e, 0x69, 0xbb, 0xfd, 0x4b, 0xa5, 0xb4, 0xb9, 0x94, 0x7e, 0x6f, 0x3e, 0xda, 0xdd, - 0x6e, 0x14, 0x4b, 0x67, 0x87, 0x31, 0xda, 0x59, 0x33, 0x96, 0x70, 0xf4, 0x29, 0x0b, 0x86, 0x6f, - 0xc7, 0x61, 0x10, 0x90, 0x44, 0x2c, 0x4d, 0x37, 0x0b, 0xee, 0x8a, 0xab, 0x9c, 0xba, 0x96, 0x41, - 0x34, 0x60, 0xc9, 0x97, 0x8a, 0x4b, 0xb6, 0x5d, 0xbf, 0xdb, 0xec, 0x39, 0xd0, 0xbf, 0xc4, 0x9b, - 0xb1, 0x84, 0x53, 0x54, 0x2f, 0xe0, 0xa8, 0x95, 0x34, 0xea, 0x7c, 0x20, 0x50, 0x05, 0xdc, 0xfe, - 0xcb, 0x43, 0x70, 0x2e, 0x77, 0x72, 0x50, 0x43, 0x86, 0x99, 0x0a, 0x97, 0x3d, 0x9f, 0xc8, 0x30, - 0x15, 0x66, 0xc8, 0xdc, 0x54, 0xad, 0xd8, 0xc0, 0x40, 0x3f, 0x09, 0xd0, 0x71, 0x22, 0xa7, 0x4d, - 0xc4, 0x02, 0x5e, 0x3e, 0xba, 0xbd, 0x40, 0xe5, 0x58, 0x96, 0x34, 0xf5, 0xde, 0x54, 0x35, 0xc5, - 0xd8, 0x60, 0x89, 0x5e, 0x84, 0x91, 0x88, 0xf8, 0xc4, 0x89, 0x59, 0xf8, 0x67, 0x36, 0x96, 0x1d, - 0x6b, 0x10, 0x36, 0xf1, 0xd0, 0xd3, 0x2a, 0xa2, 0x27, 0x13, 0xfd, 0x90, 0x8e, 0xea, 0x41, 0x5f, - 0xb4, 0xe0, 0xe4, 0xba, 0xe7, 0x13, 0xcd, 0x5d, 0x44, 0x9e, 0x2f, 0x1d, 0xfd, 0x25, 0x2f, 0x9b, - 0x74, 0xb5, 0x86, 0x4c, 0x35, 0xc7, 0x38, 0xc3, 0x9e, 0x7e, 0xe6, 0x2d, 0x12, 0x31, 0xd5, 0x3a, - 0x94, 0xfe, 0xcc, 0x37, 0x79, 0x33, 0x96, 0x70, 0x34, 0x0d, 0xa7, 0x3a, 0x4e, 0x1c, 0xcf, 0x44, - 0xa4, 0x49, 0x82, 0xc4, 0x73, 0x7c, 0x1e, 0x17, 0x5e, 0xd3, 0x71, 0xa1, 0xcb, 0x69, 0x30, 0xce, - 0xe2, 0xa3, 0x0f, 0xc1, 0xa3, 0x5e, 0x2b, 0x08, 0x23, 0xb2, 0xe8, 0xc5, 0xb1, 0x17, 0xb4, 0xf4, - 0x30, 0x10, 0x4e, 0x8f, 0x09, 0x41, 0xea, 0xd1, 0xf9, 0x7c, 0x34, 0xdc, 0xef, 0x79, 0xf4, 0x2c, - 0xd4, 0xe2, 0x4d, 0xaf, 0x33, 0x13, 0x35, 0x63, 0xe6, 0x20, 0xaf, 0x69, 0x17, 0xdb, 0x8a, 0x68, - 0xc7, 0x0a, 0x03, 0xb9, 0x30, 0xca, 0x3f, 0x09, 0x0f, 0x5b, 0x12, 0xfa, 0xf1, 0xb9, 0xbe, 0xcb, - 0xa3, 0x48, 0x5d, 0x9a, 0xc4, 0xce, 0x9d, 0x4b, 0xd2, 0x5d, 0xdf, 0x38, 0xbd, 0xb7, 0x3b, 0x31, - 0x7a, 0xd3, 0x20, 0x83, 0x53, 0x44, 0xed, 0x5f, 0x28, 0xa5, 0x77, 0xdc, 0xe6, 0x24, 0x45, 0x31, - 0x9d, 0x8a, 0xc9, 0x4d, 0x27, 0x92, 0xde, 0x98, 0x23, 0x86, 0xaf, 0x0b, 0xba, 0x37, 0x9d, 0xc8, - 0x9c, 0xd4, 0x8c, 0x01, 0x96, 0x9c, 0xd0, 0x6d, 0xa8, 0x24, 0xbe, 0x53, 0x50, 0xbe, 0x8b, 0xc1, - 0x51, 0x3b, 0x40, 0x16, 0xa6, 0x63, 0xcc, 0x78, 0xa0, 0xc7, 0xa9, 0xd5, 0xbf, 0x26, 0x63, 0xdc, - 0x84, 0xa1, 0xbe, 0x16, 0x63, 0xd6, 0x6a, 0xff, 0xbf, 0x5a, 0x8e, 0x5e, 0x55, 0x0b, 0x19, 0xba, - 0x08, 0x40, 0x37, 0x90, 0xcb, 0x11, 0x59, 0xf7, 0xb6, 0x85, 0x21, 0xa1, 0xe6, 0xee, 0x75, 0x05, - 0xc1, 0x06, 0x96, 0x7c, 0x66, 0xa5, 0xbb, 0x4e, 0x9f, 0x29, 0xf5, 0x3e, 0xc3, 0x21, 0xd8, 0xc0, - 0x42, 0x2f, 0xc0, 0x90, 0xd7, 0x76, 0x5a, 0x2a, 0x14, 0xef, 0x71, 0x3a, 0x69, 0xe7, 0x59, 0xcb, - 0xdd, 0xdd, 0x89, 0x93, 0x4a, 0x20, 0xd6, 0x84, 0x05, 0x2e, 0xfa, 0x15, 0x0b, 0x46, 0xdd, 0xb0, - 0xdd, 0x0e, 0x03, 0xbe, 0xed, 0x12, 0x7b, 0xc8, 0xdb, 0xc7, 0xb5, 0xcc, 0x4f, 0xce, 0x18, 0xcc, - 0xf8, 0x26, 0x52, 0x25, 0xe6, 0x98, 0x20, 0x9c, 0x92, 0xca, 0x9c, 0xdb, 0xd5, 0x7d, 0xe6, 0xf6, - 0xaf, 0x5b, 0x30, 0xc6, 0x9f, 0x35, 0x76, 0x83, 0x22, 0x07, 0x25, 0x3c, 0xe6, 0xd7, 0xea, 0xd9, - 0x20, 0x2b, 0x2f, 0x5d, 0x0f, 0x1c, 0xf7, 0x0a, 0x89, 0xe6, 0x60, 0x6c, 0x3d, 0x8c, 0x5c, 0x62, - 0x76, 0x84, 0x50, 0x4c, 0x8a, 0xd0, 0xe5, 0x2c, 0x02, 0xee, 0x7d, 0x06, 0xdd, 0x84, 0x47, 0x8c, - 0x46, 0xb3, 0x1f, 0xb8, 0x6e, 0x7a, 0x52, 0x50, 0x7b, 0xe4, 0x72, 0x2e, 0x16, 0xee, 0xf3, 0x74, - 0xda, 0x61, 0x52, 0x1f, 0xc0, 0x61, 0xf2, 0x3a, 0x3c, 0xe6, 0xf6, 0xf6, 0xcc, 0x56, 0xdc, 0x5d, - 0x8b, 0xb9, 0xa6, 0xaa, 0x35, 0x7e, 0x40, 0x10, 0x78, 0x6c, 0xa6, 0x1f, 0x22, 0xee, 0x4f, 0x03, - 0x7d, 0x0c, 0x6a, 0x11, 0x61, 0x5f, 0x25, 0x16, 0x09, 0x19, 0x47, 0xdc, 0x25, 0x6b, 0x0b, 0x94, - 0x93, 0xd5, 0xba, 0x57, 0x34, 0xc4, 0x58, 0x71, 0x3c, 0xff, 0x01, 0x18, 0xeb, 0x19, 0xcf, 0x07, - 0xf2, 0x59, 0xcc, 0xc2, 0x23, 0xf9, 0x23, 0xe7, 0x40, 0x9e, 0x8b, 0x7f, 0x90, 0x89, 0x33, 0x34, - 0xac, 0xc9, 0x01, 0xbc, 0x60, 0x0e, 0x94, 0x49, 0xb0, 0x25, 0x14, 0xe9, 0xe5, 0xa3, 0xf5, 0xde, - 0xa5, 0x60, 0x8b, 0x0f, 0x7c, 0xb6, 0xd5, 0xbf, 0x14, 0x6c, 0x61, 0x4a, 0x1b, 0x7d, 0xd9, 0x4a, - 0x59, 0x43, 0xdc, 0x77, 0xf6, 0x91, 0x63, 0x31, 0x9f, 0x07, 0x36, 0x90, 0xec, 0x7f, 0x55, 0x82, - 0x0b, 0xfb, 0x11, 0x19, 0xa0, 0xfb, 0x9e, 0x82, 0xa1, 0x98, 0x1d, 0x81, 0x0a, 0xcd, 0x34, 0x42, - 0xb5, 0x12, 0x3f, 0x14, 0x7d, 0x1d, 0x0b, 0x10, 0xf2, 0xa1, 0xdc, 0x76, 0x3a, 0xc2, 0xa5, 0x32, - 0x7f, 0xd4, 0xac, 0x02, 0xfa, 0xdf, 0xf1, 0x17, 0x9d, 0x0e, 0xdf, 0xa8, 0x1b, 0x0d, 0x98, 0xb2, - 0x41, 0x09, 0x54, 0x9d, 0x28, 0x72, 0xe4, 0x79, 0xdb, 0xb5, 0x62, 0xf8, 0x4d, 0x53, 0x92, 0x8d, - 0xb1, 0xbd, 0xdd, 0x89, 0x13, 0xa9, 0x26, 0xcc, 0x99, 0xd9, 0x9f, 0x1b, 0x4e, 0x45, 0xd6, 0xb3, - 0x43, 0xd4, 0x18, 0x86, 0x84, 0x27, 0xc5, 0x2a, 0x3a, 0x99, 0x83, 0xa7, 0x46, 0xb1, 0xcd, 0x92, - 0x48, 0x30, 0x15, 0xac, 0xd0, 0x67, 0x2d, 0x96, 0xc6, 0x29, 0xb3, 0x0d, 0xc4, 0x16, 0xe5, 0x78, - 0xb2, 0x4a, 0xcd, 0xe4, 0x50, 0xd9, 0x88, 0x4d, 0xee, 0x74, 0xe9, 0xea, 0xf0, 0x84, 0xa4, 0xec, - 0x46, 0x45, 0x26, 0x7a, 0x4a, 0x38, 0xda, 0xce, 0x39, 0x2c, 0x2d, 0x20, 0x15, 0x70, 0x80, 0xe3, - 0xd1, 0xaf, 0x5b, 0x30, 0xc6, 0xcd, 0xd1, 0x59, 0x6f, 0x7d, 0x9d, 0x44, 0x24, 0x70, 0x89, 0x34, - 0xe8, 0x8f, 0x78, 0x1c, 0x2f, 0xdd, 0x57, 0xf3, 0x59, 0xf2, 0x7a, 0x4d, 0xeb, 0x01, 0xe1, 0x5e, - 0x61, 0x50, 0x13, 0x2a, 0x5e, 0xb0, 0x1e, 0x8a, 0x95, 0xbc, 0x71, 0x34, 0xa1, 0xe6, 0x83, 0xf5, - 0x50, 0xcf, 0x66, 0xfa, 0x0f, 0x33, 0xea, 0x68, 0x01, 0xce, 0x46, 0xc2, 0xe5, 0x72, 0xc5, 0x8b, - 0xe9, 0xc6, 0x78, 0xc1, 0x6b, 0x7b, 0x09, 0x5b, 0x85, 0xcb, 0x8d, 0xf1, 0xbd, 0xdd, 0x89, 0xb3, - 0x38, 0x07, 0x8e, 0x73, 0x9f, 0x42, 0x6f, 0xc2, 0xb0, 0xcc, 0x3b, 0xad, 0x15, 0xb1, 0x39, 0xea, - 0x1d, 0xff, 0x6a, 0x30, 0xad, 0x88, 0x14, 0x53, 0xc9, 0xd0, 0xfe, 0xe2, 0x08, 0xf4, 0x9e, 0x0d, - 0xa2, 0x8f, 0x43, 0x3d, 0x52, 0xb9, 0xb0, 0x56, 0x11, 0xf1, 0x7d, 0xf2, 0xfb, 0x8a, 0x73, 0x49, - 0x65, 0x0f, 0xe8, 0xac, 0x57, 0xcd, 0x91, 0x5a, 0xed, 0xb1, 0x3e, 0x42, 0x2c, 0x60, 0x6c, 0x0b, - 0xae, 0xfa, 0x78, 0x68, 0x27, 0x70, 0x31, 0xe3, 0x81, 0x22, 0x18, 0xda, 0x20, 0x8e, 0x9f, 0x6c, - 0x14, 0xe3, 0xc9, 0xbe, 0xc2, 0x68, 0x65, 0xb3, 0x26, 0x78, 0x2b, 0x16, 0x9c, 0xd0, 0x36, 0x0c, - 0x6f, 0xf0, 0x01, 0x20, 0x0c, 0xe9, 0xc5, 0xa3, 0x76, 0x6e, 0x6a, 0x54, 0xe9, 0xcf, 0x2d, 0x1a, - 0xb0, 0x64, 0xc7, 0x22, 0x2d, 0x8c, 0x63, 0x71, 0x3e, 0x75, 0x8b, 0x4b, 0x18, 0x19, 0xfc, 0x4c, - 0xfc, 0xa3, 0x30, 0x1a, 0x11, 0x37, 0x0c, 0x5c, 0xcf, 0x27, 0xcd, 0x69, 0xe9, 0xa5, 0x3e, 0x48, - 0x9a, 0x01, 0xdb, 0x8c, 0x62, 0x83, 0x06, 0x4e, 0x51, 0x44, 0x9f, 0xb1, 0xe0, 0xa4, 0x4a, 0xa0, - 0xa3, 0x1f, 0x84, 0x08, 0xaf, 0xe8, 0x42, 0x41, 0xe9, 0x7a, 0x8c, 0x66, 0x03, 0xed, 0xed, 0x4e, - 0x9c, 0x4c, 0xb7, 0xe1, 0x0c, 0x5f, 0xf4, 0x2a, 0x40, 0xb8, 0xc6, 0xc3, 0x29, 0xa6, 0x13, 0xe1, - 0x22, 0x3d, 0xc8, 0xab, 0x9e, 0xe4, 0xf9, 0x46, 0x92, 0x02, 0x36, 0xa8, 0xa1, 0x6b, 0x00, 0x7c, - 0xda, 0xac, 0xee, 0x74, 0xa4, 0xb5, 0x2d, 0xf3, 0x44, 0x60, 0x45, 0x41, 0xee, 0xee, 0x4e, 0xf4, - 0xba, 0xac, 0xd8, 0xe9, 0xbd, 0xf1, 0x38, 0xfa, 0x09, 0x18, 0x8e, 0xbb, 0xed, 0xb6, 0xa3, 0x1c, - 0xa8, 0x05, 0x66, 0x30, 0x71, 0xba, 0x86, 0x2a, 0xe2, 0x0d, 0x58, 0x72, 0x44, 0xb7, 0xa9, 0x52, - 0x8d, 0x85, 0x2f, 0x8d, 0xcd, 0x22, 0x6e, 0x13, 0x8c, 0xb0, 0x77, 0x7a, 0x9f, 0x8c, 0x0e, 0xc1, - 0x39, 0x38, 0x77, 0x77, 0x27, 0x1e, 0x49, 0xb7, 0x2f, 0x84, 0x22, 0xa7, 0x28, 0x97, 0x26, 0xba, - 0x2a, 0xcb, 0x50, 0xd0, 0xd7, 0x96, 0xd9, 0xd1, 0xcf, 0xe8, 0x32, 0x14, 0xac, 0xb9, 0x7f, 0x9f, - 0x99, 0x0f, 0xa3, 0x45, 0x38, 0xe3, 0x86, 0x41, 0x12, 0x85, 0xbe, 0xcf, 0x6b, 0xab, 0xf0, 0x8d, - 0x0f, 0x77, 0xb0, 0xbe, 0x53, 0x88, 0x7d, 0x66, 0xa6, 0x17, 0x05, 0xe7, 0x3d, 0x67, 0x07, 0xe9, - 0x38, 0x33, 0xd1, 0x39, 0x2f, 0xc0, 0x28, 0xd9, 0x4e, 0x48, 0x14, 0x38, 0xfe, 0x0d, 0xbc, 0x20, - 0x5d, 0x8b, 0x6c, 0x0e, 0x5c, 0x32, 0xda, 0x71, 0x0a, 0x0b, 0xd9, 0x6a, 0xb7, 0x5f, 0xd2, 0x89, - 0x77, 0x7c, 0xb7, 0x2f, 0xf7, 0xf6, 0xf6, 0xff, 0x2a, 0xa5, 0x0c, 0xb2, 0xd5, 0x88, 0x10, 0x14, - 0x42, 0x35, 0x08, 0x9b, 0x4a, 0xf7, 0x5f, 0x2d, 0x46, 0xf7, 0x5f, 0x0f, 0x9b, 0x46, 0xad, 0x0a, - 0xfa, 0x2f, 0xc6, 0x9c, 0x0f, 0x4b, 0xe6, 0x97, 0x55, 0x0f, 0x18, 0x40, 0x6c, 0x34, 0x8a, 0xe4, - 0xac, 0x92, 0xf9, 0x97, 0x4c, 0x46, 0x38, 0xcd, 0x17, 0x6d, 0x42, 0x75, 0x23, 0x8c, 0x13, 0xb9, - 0xfd, 0x38, 0xe2, 0x4e, 0xe7, 0x4a, 0x18, 0x27, 0xcc, 0x8a, 0x50, 0xaf, 0x4d, 0x5b, 0x62, 0xcc, - 0x79, 0xd8, 0xff, 0xc9, 0x4a, 0x39, 0x92, 0x6f, 0xb1, 0x98, 0xcb, 0x2d, 0x12, 0xd0, 0x69, 0x6d, - 0xc6, 0xdb, 0xfc, 0xd9, 0x4c, 0xe2, 0xd7, 0xbb, 0xfa, 0x55, 0x0e, 0xba, 0x43, 0x29, 0x4c, 0x32, - 0x12, 0x46, 0x68, 0xce, 0x27, 0xad, 0x74, 0x0a, 0x5e, 0xa9, 0x88, 0x0d, 0x86, 0x99, 0x62, 0xba, - 0x6f, 0x36, 0x9f, 0xfd, 0x65, 0x0b, 0x86, 0x1b, 0x8e, 0xbb, 0x19, 0xae, 0xaf, 0xa3, 0x67, 0xa1, - 0xd6, 0xec, 0x46, 0x66, 0x36, 0xa0, 0xda, 0x3d, 0xcf, 0x8a, 0x76, 0xac, 0x30, 0xe8, 0x18, 0x5e, - 0x77, 0x5c, 0x99, 0x68, 0x5a, 0xe6, 0x63, 0xf8, 0x32, 0x6b, 0xc1, 0x02, 0x82, 0x5e, 0x84, 0x91, - 0xb6, 0xb3, 0x2d, 0x1f, 0xce, 0x7a, 0xb1, 0x17, 0x35, 0x08, 0x9b, 0x78, 0xf6, 0x3f, 0xb7, 0x60, - 0xbc, 0xe1, 0xc4, 0x9e, 0x3b, 0xdd, 0x4d, 0x36, 0x1a, 0x5e, 0xb2, 0xd6, 0x75, 0x37, 0x49, 0xc2, - 0xb3, 0x8b, 0xa9, 0x94, 0xdd, 0x98, 0x4e, 0x25, 0xb5, 0xaf, 0x53, 0x52, 0xde, 0x10, 0xed, 0x58, - 0x61, 0xa0, 0x37, 0x61, 0xa4, 0xe3, 0xc4, 0xf1, 0x9d, 0x30, 0x6a, 0x62, 0xb2, 0x5e, 0x4c, 0x6e, - 0xff, 0x0a, 0x71, 0x23, 0x92, 0x60, 0xb2, 0x2e, 0x4e, 0x5a, 0x35, 0x7d, 0x6c, 0x32, 0xb3, 0xbf, - 0x60, 0xc1, 0x63, 0x0d, 0xe2, 0x44, 0x24, 0x62, 0xa5, 0x00, 0xd4, 0x8b, 0xcc, 0xf8, 0x61, 0xb7, - 0x89, 0xde, 0x80, 0x5a, 0x42, 0x9b, 0xa9, 0x58, 0x56, 0xb1, 0x62, 0xb1, 0x83, 0xd2, 0x55, 0x41, - 0x1c, 0x2b, 0x36, 0xf6, 0x5f, 0xb1, 0x60, 0x94, 0x9d, 0x39, 0xcd, 0x92, 0xc4, 0xf1, 0xfc, 0x9e, - 0x8a, 0x39, 0xd6, 0x80, 0x15, 0x73, 0x2e, 0x40, 0x65, 0x23, 0x6c, 0x93, 0xec, 0x79, 0xe9, 0x95, - 0x90, 0x6e, 0xab, 0x29, 0x04, 0x3d, 0x4f, 0x3f, 0xbc, 0x17, 0x24, 0x0e, 0x9d, 0x02, 0xd2, 0xa7, - 0x79, 0x8a, 0x7f, 0x74, 0xd5, 0x8c, 0x4d, 0x1c, 0xfb, 0xb7, 0xea, 0x30, 0x2c, 0x0e, 0xd5, 0x07, - 0xce, 0x30, 0x97, 0xfb, 0xfb, 0x52, 0xdf, 0xfd, 0x7d, 0x0c, 0x43, 0x2e, 0xab, 0xc7, 0x25, 0xcc, - 0xc8, 0x6b, 0x85, 0x44, 0x61, 0xf0, 0x12, 0x5f, 0x5a, 0x2c, 0xfe, 0x1f, 0x0b, 0x56, 0xe8, 0x4b, - 0x16, 0x9c, 0x72, 0xc3, 0x20, 0x20, 0xae, 0xb6, 0x71, 0x2a, 0x45, 0x1c, 0xb6, 0xcf, 0xa4, 0x89, - 0xea, 0x03, 0x8f, 0x0c, 0x00, 0x67, 0xd9, 0xa3, 0x97, 0xe1, 0x04, 0xef, 0xb3, 0x9b, 0x29, 0x47, - 0xac, 0x2e, 0xa4, 0x62, 0x02, 0x71, 0x1a, 0x17, 0x4d, 0x72, 0x87, 0xb6, 0x28, 0x59, 0x32, 0xa4, - 0x4f, 0xcf, 0x8c, 0x62, 0x25, 0x06, 0x06, 0x8a, 0x00, 0x45, 0x64, 0x3d, 0x22, 0xf1, 0x86, 0x08, - 0x3a, 0x60, 0xf6, 0xd5, 0xf0, 0xe1, 0x32, 0x56, 0x71, 0x0f, 0x25, 0x9c, 0x43, 0x1d, 0x6d, 0x8a, - 0x0d, 0x66, 0xad, 0x08, 0x1d, 0x2a, 0x3e, 0x73, 0xdf, 0x7d, 0xe6, 0x04, 0x54, 0xe3, 0x0d, 0x27, - 0x6a, 0x32, 0xbb, 0xae, 0xcc, 0xb3, 0x24, 0x56, 0x68, 0x03, 0xe6, 0xed, 0x68, 0x16, 0x4e, 0x67, - 0xca, 0xc0, 0xc4, 0xc2, 0x61, 0xaa, 0x42, 0xfb, 0x33, 0x05, 0x64, 0x62, 0xdc, 0xf3, 0x84, 0xe9, - 0x7c, 0x18, 0xd9, 0xc7, 0xf9, 0xb0, 0xa3, 0x42, 0xdb, 0x46, 0xd9, 0xfa, 0xf8, 0x4a, 0x21, 0x1d, - 0x30, 0x50, 0x1c, 0xdb, 0xe7, 0x33, 0x71, 0x6c, 0x27, 0x98, 0x00, 0x37, 0x8b, 0x11, 0xe0, 0xe0, - 0x41, 0x6b, 0x0f, 0x32, 0x08, 0xed, 0x7f, 0x58, 0x20, 0xbf, 0xeb, 0x8c, 0xe3, 0x6e, 0x10, 0x3a, - 0x64, 0xd0, 0xfb, 0xe1, 0xa4, 0xda, 0x42, 0xcf, 0x84, 0xdd, 0x80, 0xc7, 0x9f, 0x95, 0xf5, 0xc9, - 0x28, 0x4e, 0x41, 0x71, 0x06, 0x1b, 0x4d, 0x41, 0x9d, 0xf6, 0x13, 0x7f, 0x94, 0xaf, 0xb5, 0x6a, - 0x9b, 0x3e, 0xbd, 0x3c, 0x2f, 0x9e, 0xd2, 0x38, 0x28, 0x84, 0x31, 0xdf, 0x89, 0x13, 0x26, 0x01, - 0xdd, 0x51, 0x1f, 0x32, 0x5f, 0x9c, 0xc5, 0x8f, 0x2f, 0x64, 0x09, 0xe1, 0x5e, 0xda, 0xf6, 0xb7, - 0x2b, 0x70, 0x22, 0xa5, 0x19, 0x0f, 0xb8, 0x48, 0x3f, 0x0b, 0x35, 0xb9, 0x6e, 0x66, 0xab, 0x56, - 0xa8, 0xc5, 0x55, 0x61, 0xd0, 0x45, 0x6b, 0x4d, 0xaf, 0xaa, 0x59, 0xa3, 0xc2, 0x58, 0x70, 0xb1, - 0x89, 0xc7, 0x94, 0x72, 0xe2, 0xc7, 0x33, 0xbe, 0x47, 0x82, 0x84, 0x8b, 0x59, 0x8c, 0x52, 0x5e, - 0x5d, 0x58, 0x31, 0x89, 0x6a, 0xa5, 0x9c, 0x01, 0xe0, 0x2c, 0x7b, 0xf4, 0xd3, 0x16, 0x9c, 0x70, - 0xee, 0xc4, 0xba, 0x68, 0xa4, 0x88, 0x58, 0x3b, 0xe2, 0x22, 0x95, 0xaa, 0x43, 0xc9, 0x5d, 0xbe, - 0xa9, 0x26, 0x9c, 0x66, 0x8a, 0xbe, 0x6a, 0x01, 0x22, 0xdb, 0xc4, 0x95, 0x31, 0x75, 0x42, 0x96, - 0xa1, 0x22, 0x76, 0x9a, 0x97, 0x7a, 0xe8, 0x72, 0xad, 0xde, 0xdb, 0x8e, 0x73, 0x64, 0xb0, 0xff, - 0x71, 0x59, 0x4d, 0x28, 0x1d, 0xc6, 0xe9, 0x18, 0xe1, 0x64, 0xd6, 0xe1, 0xc3, 0xc9, 0xf4, 0xb1, - 0x7c, 0x6f, 0x1a, 0x5a, 0x2a, 0xfd, 0xa6, 0xf4, 0x80, 0xd2, 0x6f, 0x7e, 0xca, 0x4a, 0xd5, 0x67, - 0x19, 0xb9, 0xf8, 0x6a, 0xb1, 0x21, 0xa4, 0x93, 0x3c, 0x64, 0x20, 0xa3, 0xdd, 0xd3, 0x91, 0x22, - 0x54, 0x9b, 0x1a, 0x68, 0x07, 0xd2, 0x86, 0xff, 0xae, 0x0c, 0x23, 0xc6, 0x4a, 0x9a, 0x6b, 0x16, - 0x59, 0x0f, 0x99, 0x59, 0x54, 0x3a, 0x80, 0x59, 0xf4, 0x93, 0x50, 0x77, 0xa5, 0x96, 0x2f, 0xa6, - 0x42, 0x69, 0x76, 0xed, 0xd0, 0x8a, 0x5e, 0x35, 0x61, 0xcd, 0x13, 0xcd, 0xa5, 0xf2, 0x57, 0xc4, - 0x0a, 0x51, 0x61, 0x2b, 0x44, 0x5e, 0x82, 0x89, 0x58, 0x29, 0x7a, 0x9f, 0x61, 0x65, 0x7c, 0x3a, - 0x9e, 0x78, 0x2f, 0x19, 0xe8, 0xcd, 0xcb, 0xf8, 0x2c, 0xcf, 0xcb, 0x66, 0x6c, 0xe2, 0xd8, 0xdf, - 0xb6, 0xd4, 0xc7, 0xbd, 0x0f, 0x49, 0xed, 0xb7, 0xd3, 0x49, 0xed, 0x97, 0x0a, 0xe9, 0xe6, 0x3e, - 0xd9, 0xec, 0xd7, 0x61, 0x78, 0x26, 0x6c, 0xb7, 0x9d, 0xa0, 0x89, 0x7e, 0x10, 0x86, 0x5d, 0xfe, - 0x53, 0x38, 0x76, 0xd8, 0xf1, 0xa0, 0x80, 0x62, 0x09, 0x43, 0x8f, 0x43, 0xc5, 0x89, 0x5a, 0xd2, - 0x99, 0xc3, 0x22, 0x4c, 0xa6, 0xa3, 0x56, 0x8c, 0x59, 0xab, 0xfd, 0xf7, 0x2b, 0x00, 0x33, 0x61, - 0xbb, 0xe3, 0x44, 0xa4, 0xb9, 0x1a, 0xb2, 0x0a, 0x69, 0xc7, 0x7a, 0xa8, 0xa6, 0x37, 0x4b, 0x0f, - 0xf3, 0xc1, 0x9a, 0x71, 0xb8, 0x52, 0xbe, 0xcf, 0x87, 0x2b, 0x7d, 0xce, 0xcb, 0x2a, 0x0f, 0xd1, - 0x79, 0x99, 0xfd, 0x39, 0x0b, 0x10, 0x1d, 0x34, 0x61, 0x40, 0x82, 0x44, 0x1f, 0x68, 0x4f, 0x41, - 0xdd, 0x95, 0xad, 0xc2, 0xb0, 0xd2, 0x2a, 0x42, 0x02, 0xb0, 0xc6, 0x19, 0x60, 0x87, 0xfc, 0x94, - 0xd4, 0xdf, 0xe5, 0x74, 0x70, 0x2a, 0xd3, 0xfa, 0x42, 0x9d, 0xdb, 0xbf, 0x5d, 0x82, 0x47, 0xf8, - 0x92, 0xbc, 0xe8, 0x04, 0x4e, 0x8b, 0xb4, 0xa9, 0x54, 0x83, 0x86, 0x28, 0xb8, 0x74, 0x6b, 0xe6, - 0xc9, 0x60, 0xd3, 0xa3, 0xce, 0x5d, 0x3e, 0xe7, 0xf8, 0x2c, 0x9b, 0x0f, 0xbc, 0x04, 0x33, 0xe2, - 0x28, 0x86, 0x9a, 0x2c, 0xc9, 0x2d, 0x74, 0x71, 0x41, 0x8c, 0x94, 0x5a, 0x12, 0xeb, 0x26, 0xc1, - 0x8a, 0x11, 0x35, 0x5c, 0xfd, 0xd0, 0xdd, 0xc4, 0xa4, 0x13, 0x32, 0xbd, 0x6b, 0xc4, 0xfa, 0x2d, - 0x88, 0x76, 0xac, 0x30, 0xec, 0xdf, 0xb6, 0x20, 0xbb, 0x22, 0x19, 0xe5, 0xaa, 0xac, 0x7b, 0x96, - 0xab, 0x3a, 0x40, 0xbd, 0xa8, 0x1f, 0x87, 0x11, 0x27, 0xa1, 0x46, 0x04, 0xdf, 0x76, 0x97, 0x0f, - 0x77, 0xac, 0xb1, 0x18, 0x36, 0xbd, 0x75, 0x8f, 0x6d, 0xb7, 0x4d, 0x72, 0xf6, 0x7f, 0xab, 0xc0, - 0x58, 0x4f, 0x4a, 0x04, 0x7a, 0x09, 0x46, 0x5d, 0x31, 0x3c, 0x3a, 0xd2, 0xa1, 0x55, 0x37, 0x63, - 0xc3, 0x34, 0x0c, 0xa7, 0x30, 0x07, 0x18, 0xa0, 0xf3, 0x70, 0x26, 0xa2, 0x1b, 0xfd, 0x2e, 0x99, - 0x5e, 0x4f, 0x48, 0xb4, 0x42, 0xdc, 0x30, 0x68, 0xf2, 0xa2, 0x6a, 0xe5, 0xc6, 0xa3, 0x7b, 0xbb, - 0x13, 0x67, 0x70, 0x2f, 0x18, 0xe7, 0x3d, 0x83, 0x3a, 0x70, 0xc2, 0x37, 0x6d, 0x40, 0xb1, 0x01, - 0x38, 0x94, 0xf9, 0xa8, 0x6c, 0x84, 0x54, 0x33, 0x4e, 0x33, 0x48, 0x1b, 0x92, 0xd5, 0x07, 0x64, - 0x48, 0x7e, 0x5a, 0x1b, 0x92, 0xfc, 0xfc, 0xfd, 0xc3, 0x05, 0xa7, 0xc4, 0x1c, 0xb7, 0x25, 0xf9, - 0x0a, 0xd4, 0x64, 0x6c, 0xd2, 0x40, 0x31, 0x3d, 0x26, 0x9d, 0x3e, 0x1a, 0xed, 0x6e, 0x09, 0x72, - 0x36, 0x21, 0x74, 0x9e, 0xe9, 0x15, 0x3f, 0x35, 0xcf, 0x0e, 0xb6, 0xea, 0xa3, 0x6d, 0x1e, 0x97, - 0xc5, 0xd7, 0xb6, 0x0f, 0x15, 0xbd, 0x89, 0xd2, 0xa1, 0x5a, 0x2a, 0x53, 0x40, 0x85, 0x6b, 0x5d, - 0x04, 0xd0, 0x86, 0x9a, 0x88, 0x03, 0x57, 0xc7, 0xbe, 0xda, 0x9e, 0xc3, 0x06, 0x16, 0xdd, 0x53, - 0x7b, 0x41, 0x9c, 0x38, 0xbe, 0x7f, 0xc5, 0x0b, 0x12, 0xe1, 0x1c, 0x54, 0x8b, 0xf8, 0xbc, 0x06, - 0x61, 0x13, 0xef, 0xfc, 0xfb, 0x8c, 0xef, 0x72, 0x90, 0xef, 0xb9, 0x01, 0x8f, 0xcd, 0x79, 0x89, - 0xca, 0x5e, 0x50, 0xe3, 0x88, 0xda, 0x61, 0x2a, 0x1b, 0xc7, 0xea, 0x9b, 0x8d, 0x63, 0x64, 0x0f, - 0x94, 0xd2, 0xc9, 0x0e, 0xd9, 0xec, 0x01, 0xfb, 0x25, 0x38, 0x3b, 0xe7, 0x25, 0x97, 0x3d, 0x9f, - 0x1c, 0x90, 0x89, 0xfd, 0x9b, 0x43, 0x30, 0x6a, 0xe6, 0xbf, 0x1d, 0x24, 0xa1, 0xe8, 0x0b, 0xd4, - 0xd4, 0x12, 0x6f, 0xe7, 0xa9, 0x43, 0xb3, 0x5b, 0x47, 0x4e, 0xc6, 0xcb, 0xef, 0x31, 0xc3, 0xda, - 0xd2, 0x3c, 0xb1, 0x29, 0x00, 0xba, 0x03, 0xd5, 0x75, 0x16, 0xdd, 0x5e, 0x2e, 0x22, 0xb2, 0x20, - 0xaf, 0x47, 0xf5, 0x34, 0xe3, 0xf1, 0xf1, 0x9c, 0x1f, 0x5d, 0x21, 0xa3, 0x74, 0xca, 0x94, 0x11, - 0x91, 0x29, 0x92, 0xa5, 0x14, 0x46, 0x3f, 0x55, 0x5f, 0x3d, 0x84, 0xaa, 0x4f, 0x29, 0xde, 0xa1, - 0x07, 0xa4, 0x78, 0x59, 0xa6, 0x42, 0xb2, 0xc1, 0xec, 0x37, 0x11, 0x42, 0x3e, 0xcc, 0x3a, 0xc1, - 0xc8, 0x54, 0x48, 0x81, 0x71, 0x16, 0x1f, 0x7d, 0x42, 0xa9, 0xee, 0x5a, 0x11, 0x7e, 0x55, 0x73, - 0x44, 0x1f, 0xb7, 0xd6, 0xfe, 0x5c, 0x09, 0x4e, 0xce, 0x05, 0xdd, 0xe5, 0xb9, 0xe5, 0xee, 0x9a, - 0xef, 0xb9, 0xd7, 0xc8, 0x0e, 0x55, 0xcd, 0x9b, 0x64, 0x67, 0x7e, 0x56, 0xcc, 0x20, 0x35, 0x66, - 0xae, 0xd1, 0x46, 0xcc, 0x61, 0x54, 0x19, 0xad, 0x7b, 0x41, 0x8b, 0x44, 0x9d, 0xc8, 0x13, 0x2e, - 0x4f, 0x43, 0x19, 0x5d, 0xd6, 0x20, 0x6c, 0xe2, 0x51, 0xda, 0xe1, 0x9d, 0x80, 0x44, 0x59, 0x43, - 0x76, 0x89, 0x36, 0x62, 0x0e, 0xa3, 0x48, 0x49, 0xd4, 0x8d, 0x13, 0x31, 0x18, 0x15, 0xd2, 0x2a, - 0x6d, 0xc4, 0x1c, 0x46, 0x67, 0x7a, 0xdc, 0x5d, 0x63, 0x81, 0x1b, 0x99, 0x78, 0xf5, 0x15, 0xde, - 0x8c, 0x25, 0x9c, 0xa2, 0x6e, 0x92, 0x9d, 0x59, 0xba, 0xeb, 0xcd, 0xa4, 0xad, 0x5c, 0xe3, 0xcd, - 0x58, 0xc2, 0x59, 0x35, 0xb8, 0x74, 0x77, 0x7c, 0xcf, 0x55, 0x83, 0x4b, 0x8b, 0xdf, 0x67, 0xff, - 0xfc, 0xcb, 0x16, 0x8c, 0x9a, 0xe1, 0x56, 0xa8, 0x95, 0xb1, 0x71, 0x97, 0x7a, 0x8a, 0x89, 0xfe, - 0x68, 0xde, 0xcd, 0x49, 0x2d, 0x2f, 0x09, 0x3b, 0xf1, 0x73, 0x24, 0x68, 0x79, 0x01, 0x61, 0xa7, - 0xe8, 0x3c, 0x4c, 0x2b, 0x15, 0xcb, 0x35, 0x13, 0x36, 0xc9, 0x21, 0x8c, 0x64, 0xfb, 0x16, 0x8c, - 0xf5, 0xe4, 0x2a, 0x0d, 0x60, 0x5a, 0xec, 0x9b, 0x29, 0x6a, 0x63, 0x18, 0xa1, 0x84, 0x65, 0x69, - 0x95, 0x19, 0x18, 0xe3, 0x13, 0x89, 0x72, 0x5a, 0x71, 0x37, 0x48, 0x5b, 0xe5, 0x9f, 0x31, 0xff, - 0xfa, 0xcd, 0x2c, 0x10, 0xf7, 0xe2, 0xdb, 0x9f, 0xb7, 0xe0, 0x44, 0x2a, 0x7d, 0xac, 0x20, 0x23, - 0x88, 0xcd, 0xb4, 0x90, 0x45, 0xff, 0xb1, 0x10, 0xe8, 0x32, 0x5b, 0x4c, 0xf5, 0x4c, 0xd3, 0x20, - 0x6c, 0xe2, 0xd9, 0x5f, 0x2e, 0x41, 0x4d, 0x46, 0x50, 0x0c, 0x20, 0xca, 0x67, 0x2d, 0x38, 0xa1, - 0xce, 0x34, 0x98, 0xb3, 0xac, 0x54, 0x44, 0xac, 0x3f, 0x95, 0x40, 0x6d, 0xb7, 0x83, 0xf5, 0x50, - 0x5b, 0xe4, 0xd8, 0x64, 0x86, 0xd3, 0xbc, 0xd1, 0x4d, 0x80, 0x78, 0x27, 0x4e, 0x48, 0xdb, 0x70, - 0xdb, 0xd9, 0xc6, 0x8c, 0x9b, 0x74, 0xc3, 0x88, 0xd0, 0xf9, 0x75, 0x3d, 0x6c, 0x92, 0x15, 0x85, - 0xa9, 0x4d, 0x28, 0xdd, 0x86, 0x0d, 0x4a, 0xf6, 0xdf, 0x2d, 0xc1, 0xe9, 0xac, 0x48, 0xe8, 0xc3, - 0x30, 0x2a, 0xb9, 0x1b, 0xb7, 0x40, 0xc9, 0xb0, 0x91, 0x51, 0x6c, 0xc0, 0xee, 0xee, 0x4e, 0x4c, - 0xf4, 0xde, 0xc2, 0x35, 0x69, 0xa2, 0xe0, 0x14, 0x31, 0x7e, 0xb0, 0x24, 0x4e, 0x40, 0x1b, 0x3b, - 0xd3, 0x9d, 0x8e, 0x38, 0x1d, 0x32, 0x0e, 0x96, 0x4c, 0x28, 0xce, 0x60, 0xa3, 0x65, 0x38, 0x6b, - 0xb4, 0x5c, 0x27, 0x5e, 0x6b, 0x63, 0x2d, 0x8c, 0xe4, 0xce, 0xea, 0x71, 0x1d, 0xd8, 0xd5, 0x8b, - 0x83, 0x73, 0x9f, 0xa4, 0xab, 0xbd, 0xeb, 0x74, 0x1c, 0xd7, 0x4b, 0x76, 0x84, 0x1f, 0x52, 0xe9, - 0xa6, 0x19, 0xd1, 0x8e, 0x15, 0x86, 0xbd, 0x08, 0x95, 0x01, 0x47, 0xd0, 0x40, 0x16, 0xfd, 0x2b, - 0x50, 0xa3, 0xe4, 0xa4, 0x79, 0x57, 0x04, 0xc9, 0x10, 0x6a, 0xf2, 0x22, 0x07, 0x64, 0x43, 0xd9, - 0x73, 0xe4, 0xd9, 0x9d, 0x7a, 0xad, 0xf9, 0x38, 0xee, 0xb2, 0x4d, 0x32, 0x05, 0xa2, 0xa7, 0xa0, - 0x4c, 0xb6, 0x3b, 0xd9, 0x43, 0xba, 0x4b, 0xdb, 0x1d, 0x2f, 0x22, 0x31, 0x45, 0x22, 0xdb, 0x1d, - 0x74, 0x1e, 0x4a, 0x5e, 0x53, 0x2c, 0x52, 0x20, 0x70, 0x4a, 0xf3, 0xb3, 0xb8, 0xe4, 0x35, 0xed, - 0x6d, 0xa8, 0xab, 0x9b, 0x23, 0xd0, 0xa6, 0xd4, 0xdd, 0x56, 0x11, 0x21, 0x4f, 0x92, 0x6e, 0x1f, - 0xad, 0xdd, 0x05, 0xd0, 0x79, 0x74, 0x45, 0xe9, 0x97, 0x0b, 0x50, 0x71, 0x43, 0x91, 0xe3, 0x5b, - 0xd3, 0x64, 0x98, 0xd2, 0x66, 0x10, 0xfb, 0x16, 0x9c, 0xbc, 0x16, 0x84, 0x77, 0x58, 0x69, 0x6c, - 0x56, 0xd2, 0x8a, 0x12, 0x5e, 0xa7, 0x3f, 0xb2, 0x26, 0x02, 0x83, 0x62, 0x0e, 0x53, 0x65, 0x8f, - 0x4a, 0xfd, 0xca, 0x1e, 0xd9, 0x9f, 0xb4, 0xe0, 0xb4, 0xca, 0x06, 0x92, 0xda, 0xf8, 0x25, 0x18, - 0x5d, 0xeb, 0x7a, 0x7e, 0x53, 0x16, 0xca, 0xca, 0xb8, 0x29, 0x1a, 0x06, 0x0c, 0xa7, 0x30, 0xe9, - 0xa6, 0x6a, 0xcd, 0x0b, 0x9c, 0x68, 0x67, 0x59, 0xab, 0x7f, 0xa5, 0x11, 0x1a, 0x0a, 0x82, 0x0d, - 0x2c, 0xfb, 0xb3, 0xa6, 0x08, 0x22, 0xff, 0x68, 0x80, 0x9e, 0xbd, 0x01, 0x55, 0x57, 0x9d, 0xf5, - 0x1e, 0xaa, 0x98, 0x9f, 0xca, 0x2f, 0x67, 0xfe, 0x7e, 0x4e, 0xcd, 0xfe, 0x27, 0x25, 0x38, 0x91, - 0xaa, 0x59, 0x82, 0x7c, 0xa8, 0x11, 0x9f, 0xb9, 0xf2, 0xe4, 0x10, 0x3b, 0x6a, 0xb9, 0x48, 0x35, - 0x2d, 0x2e, 0x09, 0xba, 0x58, 0x71, 0x78, 0x38, 0x8e, 0xd4, 0x5e, 0x82, 0x51, 0x29, 0xd0, 0x87, - 0x9c, 0xb6, 0x2f, 0x66, 0xa1, 0x1a, 0x00, 0x97, 0x0c, 0x18, 0x4e, 0x61, 0xda, 0xff, 0xac, 0x0c, - 0xe3, 0xdc, 0xf7, 0xd9, 0x54, 0x51, 0x2f, 0x8b, 0xd2, 0xca, 0xfa, 0x0b, 0xba, 0xb2, 0x10, 0xef, - 0xc8, 0xb5, 0xa3, 0x56, 0x67, 0xce, 0x67, 0x34, 0x50, 0x3c, 0xc6, 0x2f, 0x66, 0xe2, 0x31, 0xf8, - 0x62, 0xdb, 0x3a, 0x26, 0x89, 0xbe, 0xb7, 0x02, 0x34, 0xfe, 0x56, 0x09, 0x4e, 0x65, 0x4a, 0x5f, - 0xa3, 0x2f, 0xa6, 0xcb, 0x3e, 0x5a, 0x45, 0x78, 0xc8, 0xee, 0x59, 0x0d, 0xf9, 0x60, 0xc5, 0x1f, - 0x1f, 0xd0, 0x54, 0xb1, 0x7f, 0xb7, 0x04, 0x27, 0xd3, 0x35, 0xbb, 0x1f, 0xc2, 0x9e, 0x7a, 0x0f, - 0xd4, 0x59, 0x59, 0x5a, 0x76, 0xcf, 0x18, 0x77, 0xc4, 0xf1, 0x52, 0xa6, 0xb2, 0x11, 0x6b, 0xf8, - 0x43, 0x51, 0x53, 0xd3, 0xfe, 0xdb, 0x16, 0x9c, 0xe3, 0x6f, 0x99, 0x1d, 0x87, 0x7f, 0x31, 0xaf, - 0x77, 0x5f, 0x2b, 0x56, 0xc0, 0x4c, 0x45, 0xac, 0xfd, 0xfa, 0x97, 0xdd, 0x6f, 0x24, 0xa4, 0x4d, - 0x0f, 0x85, 0x87, 0x50, 0xd8, 0x03, 0x0d, 0x06, 0xfb, 0x77, 0xcb, 0xa0, 0xaf, 0x74, 0x42, 0x9e, - 0xc8, 0x6c, 0x2a, 0xa4, 0x32, 0xd8, 0xca, 0x4e, 0xe0, 0xea, 0xcb, 0xa3, 0x6a, 0x99, 0xc4, 0xa6, - 0x9f, 0xb3, 0x60, 0xc4, 0x0b, 0xbc, 0xc4, 0x73, 0x98, 0xf1, 0x5c, 0xcc, 0x95, 0x34, 0x8a, 0xdd, - 0x3c, 0xa7, 0x1c, 0x46, 0xa6, 0xf7, 0x56, 0x31, 0xc3, 0x26, 0x67, 0xf4, 0x51, 0x11, 0x32, 0x59, - 0x2e, 0x2c, 0x27, 0xaf, 0x96, 0x89, 0x93, 0xec, 0x40, 0x35, 0x22, 0x49, 0x54, 0x50, 0x2a, 0x2b, - 0xa6, 0xa4, 0x54, 0x91, 0x49, 0x7d, 0xb9, 0x26, 0x6d, 0xc6, 0x9c, 0x91, 0x1d, 0x03, 0xea, 0xed, - 0x8b, 0x03, 0x86, 0xa3, 0x4d, 0x41, 0xdd, 0xe9, 0x26, 0x61, 0x9b, 0x76, 0x93, 0x70, 0x30, 0xeb, - 0x80, 0x3b, 0x09, 0xc0, 0x1a, 0xc7, 0xfe, 0x62, 0x15, 0x32, 0xa9, 0x46, 0x68, 0xdb, 0xbc, 0x8e, - 0xcc, 0x2a, 0xf6, 0x3a, 0x32, 0x25, 0x4c, 0xde, 0x95, 0x64, 0xa8, 0x05, 0xd5, 0xce, 0x86, 0x13, - 0x4b, 0xdb, 0xf8, 0x15, 0xd9, 0x4d, 0xcb, 0xb4, 0xf1, 0xee, 0xee, 0xc4, 0x8f, 0x0d, 0xe6, 0x6b, - 0xa1, 0x63, 0x75, 0x8a, 0x67, 0xee, 0x6b, 0xd6, 0x8c, 0x06, 0xe6, 0xf4, 0x0f, 0x72, 0x29, 0xcf, - 0xa7, 0x44, 0x21, 0x61, 0x4c, 0xe2, 0xae, 0x9f, 0x88, 0xd1, 0xf0, 0x4a, 0x81, 0xb3, 0x8c, 0x13, - 0xd6, 0x49, 0xb2, 0xfc, 0x3f, 0x36, 0x98, 0xa2, 0x0f, 0x43, 0x3d, 0x4e, 0x9c, 0x28, 0x39, 0x64, - 0x5a, 0x9b, 0xea, 0xf4, 0x15, 0x49, 0x04, 0x6b, 0x7a, 0xe8, 0x55, 0x56, 0x28, 0xd1, 0x8b, 0x37, - 0x0e, 0x19, 0xe9, 0x2c, 0x8b, 0x2a, 0x0a, 0x0a, 0xd8, 0xa0, 0x46, 0xb7, 0x1e, 0x6c, 0x6c, 0xf3, - 0xf0, 0x9e, 0x1a, 0xdb, 0x5b, 0x2a, 0x55, 0x88, 0x15, 0x04, 0x1b, 0x58, 0xf6, 0x0f, 0x41, 0x3a, - 0xcb, 0x1b, 0x4d, 0xc8, 0xa4, 0x72, 0xee, 0x7b, 0x62, 0x11, 0xcb, 0xa9, 0xfc, 0xef, 0x5f, 0xb7, - 0xc0, 0x4c, 0x45, 0x47, 0x6f, 0xf0, 0x9c, 0x77, 0xab, 0x88, 0xf3, 0x02, 0x83, 0xee, 0xe4, 0xa2, - 0xd3, 0xc9, 0x1c, 0x5c, 0xc9, 0xc4, 0xf7, 0xf3, 0xef, 0x83, 0x9a, 0x84, 0x1e, 0xc8, 0xa8, 0xfb, - 0x04, 0x9c, 0xc9, 0x5e, 0xd6, 0x2a, 0x7c, 0xcd, 0xad, 0x28, 0xec, 0x76, 0xb2, 0x1b, 0x49, 0x76, - 0x99, 0x27, 0xe6, 0x30, 0xba, 0x1d, 0xdb, 0xf4, 0x82, 0x66, 0x76, 0x23, 0x79, 0xcd, 0x0b, 0x9a, - 0x98, 0x41, 0x06, 0xb8, 0x94, 0xee, 0x37, 0x2c, 0xb8, 0xb0, 0xdf, 0x9d, 0xb2, 0xe8, 0x71, 0xa8, - 0xdc, 0x71, 0x22, 0x59, 0xc1, 0x96, 0x29, 0xca, 0x5b, 0x4e, 0x14, 0x60, 0xd6, 0x8a, 0x76, 0x60, - 0x88, 0xc7, 0x80, 0x08, 0x6b, 0xfd, 0x95, 0x62, 0x6f, 0xb8, 0xbd, 0x46, 0x8c, 0xed, 0x02, 0x8f, - 0x3f, 0xc1, 0x82, 0xa1, 0xfd, 0x1d, 0x0b, 0xd0, 0xd2, 0x16, 0x89, 0x22, 0xaf, 0x69, 0x44, 0xad, - 0xa0, 0x17, 0x60, 0xf4, 0xf6, 0xca, 0xd2, 0xf5, 0xe5, 0xd0, 0x0b, 0x58, 0xd5, 0x07, 0x23, 0xb1, - 0xed, 0xaa, 0xd1, 0x8e, 0x53, 0x58, 0x68, 0x06, 0xc6, 0x6e, 0xbf, 0x41, 0x37, 0xbf, 0x66, 0xb5, - 0xfc, 0x92, 0x76, 0x77, 0x5e, 0x7d, 0x25, 0x03, 0xc4, 0xbd, 0xf8, 0x68, 0x09, 0xce, 0xb5, 0xf9, - 0x76, 0x83, 0x17, 0xb9, 0xe6, 0x7b, 0x0f, 0x95, 0x46, 0xf2, 0xd8, 0xde, 0xee, 0xc4, 0xb9, 0xc5, - 0x3c, 0x04, 0x9c, 0xff, 0x9c, 0xfd, 0x3e, 0x40, 0x3c, 0x58, 0x65, 0x26, 0x2f, 0xf2, 0xa0, 0xef, - 0x4e, 0xdc, 0xfe, 0x5a, 0x15, 0x4e, 0x65, 0xea, 0x1b, 0xd2, 0xad, 0x5e, 0x6f, 0xa8, 0xc3, 0x91, - 0xd7, 0xef, 0x5e, 0xf1, 0x06, 0x0a, 0x9e, 0x08, 0xa0, 0xea, 0x05, 0x9d, 0x6e, 0x52, 0x4c, 0xe6, - 0x18, 0x17, 0x62, 0x9e, 0x12, 0x34, 0x9c, 0x44, 0xf4, 0x2f, 0xe6, 0x6c, 0x8a, 0x0c, 0xc5, 0x48, - 0x19, 0xe3, 0x95, 0x07, 0xe4, 0x0e, 0xf8, 0x94, 0x0e, 0x8c, 0xa8, 0x16, 0x71, 0x50, 0x9f, 0x19, - 0x2c, 0xc7, 0x7d, 0xc0, 0xf6, 0x6b, 0x25, 0x18, 0x31, 0x3e, 0x1a, 0xfa, 0xa5, 0x74, 0xa1, 0x16, - 0xab, 0xb8, 0x57, 0x62, 0xf4, 0x27, 0x75, 0x29, 0x16, 0xfe, 0x4a, 0x4f, 0xf7, 0xd6, 0x68, 0xb9, - 0xbb, 0x3b, 0x71, 0x3a, 0x53, 0x85, 0x25, 0x55, 0xb7, 0xe5, 0xfc, 0xc7, 0xe1, 0x54, 0x86, 0x4c, - 0xce, 0x2b, 0xaf, 0xa6, 0xef, 0xe2, 0x3d, 0xa2, 0x5b, 0xca, 0xec, 0xb2, 0xb7, 0x68, 0x97, 0xe9, - 0x2b, 0xda, 0x07, 0x70, 0xc7, 0x65, 0x72, 0xe4, 0x4a, 0x03, 0xe6, 0xc8, 0x3d, 0x03, 0xb5, 0x4e, - 0xe8, 0x7b, 0xae, 0xa7, 0x4a, 0x7a, 0xb1, 0xac, 0xbc, 0x65, 0xd1, 0x86, 0x15, 0x14, 0xdd, 0x81, - 0xba, 0xba, 0xb6, 0x58, 0x04, 0x21, 0x16, 0xe5, 0xea, 0x55, 0x46, 0x8b, 0xbe, 0x8e, 0x58, 0xf3, - 0x42, 0x36, 0x0c, 0xb1, 0x45, 0x50, 0x06, 0xfc, 0xb2, 0x0c, 0x4e, 0xb6, 0x3a, 0xc6, 0x58, 0x40, - 0xec, 0x6f, 0xd4, 0xe1, 0x6c, 0x5e, 0x91, 0x59, 0xf4, 0x31, 0x18, 0xe2, 0x32, 0x16, 0x53, 0xc7, - 0x3c, 0x8f, 0xc7, 0x1c, 0x23, 0x28, 0xc4, 0x62, 0xbf, 0xb1, 0xe0, 0x29, 0xb8, 0xfb, 0xce, 0x9a, - 0x18, 0x21, 0xc7, 0xc3, 0x7d, 0xc1, 0xd1, 0xdc, 0x17, 0x1c, 0xce, 0xdd, 0x77, 0xd6, 0xd0, 0x36, - 0x54, 0x5b, 0x5e, 0x42, 0x1c, 0xe1, 0x44, 0xb8, 0x75, 0x2c, 0xcc, 0x89, 0xc3, 0xad, 0x34, 0xf6, - 0x13, 0x73, 0x86, 0xe8, 0xeb, 0x16, 0x9c, 0x5a, 0x4b, 0x27, 0xc4, 0x0a, 0xe5, 0xe9, 0x1c, 0x43, - 0x21, 0xe1, 0x34, 0x23, 0x7e, 0x23, 0x45, 0xa6, 0x11, 0x67, 0xc5, 0x41, 0x9f, 0xb6, 0x60, 0x78, - 0xdd, 0xf3, 0x8d, 0x9a, 0x92, 0xc7, 0xf0, 0x71, 0x2e, 0x33, 0x06, 0x7a, 0xc7, 0xc1, 0xff, 0xc7, - 0x58, 0x72, 0xee, 0xb7, 0x52, 0x0d, 0x1d, 0x75, 0xa5, 0x1a, 0x7e, 0x40, 0x2b, 0xd5, 0x67, 0x2c, - 0xa8, 0xab, 0x9e, 0x16, 0x49, 0x8e, 0x1f, 0x3e, 0xc6, 0x4f, 0xce, 0x3d, 0x27, 0xea, 0x2f, 0xd6, - 0xcc, 0xd1, 0x97, 0x2c, 0x18, 0x71, 0xde, 0xec, 0x46, 0xa4, 0x49, 0xb6, 0xc2, 0x4e, 0x2c, 0x6e, - 0x81, 0x7a, 0xad, 0x78, 0x61, 0xa6, 0x29, 0x93, 0x59, 0xb2, 0xb5, 0xd4, 0x89, 0x45, 0x32, 0x82, - 0x6e, 0xc0, 0xa6, 0x08, 0xf6, 0x6e, 0x09, 0x26, 0xf6, 0xa1, 0x80, 0x5e, 0x82, 0xd1, 0x30, 0x6a, - 0x39, 0x81, 0xf7, 0xa6, 0x99, 0xe1, 0xae, 0xac, 0xac, 0x25, 0x03, 0x86, 0x53, 0x98, 0x66, 0x1a, - 0x66, 0x69, 0x9f, 0x34, 0xcc, 0x0b, 0x50, 0x89, 0x48, 0x27, 0xcc, 0x6e, 0x16, 0x58, 0x20, 0x30, - 0x83, 0xa0, 0x27, 0xa0, 0xec, 0x74, 0x3c, 0x11, 0x7e, 0xa2, 0xf6, 0x40, 0xd3, 0xcb, 0xf3, 0x98, - 0xb6, 0xa7, 0xb2, 0xc2, 0xab, 0xf7, 0x25, 0x2b, 0x9c, 0x2e, 0x03, 0xe2, 0xec, 0x62, 0x48, 0x2f, - 0x03, 0xe9, 0x33, 0x05, 0xfb, 0xab, 0x65, 0x78, 0xe2, 0x9e, 0xe3, 0x45, 0x47, 0xdf, 0x58, 0xf7, - 0x88, 0xbe, 0x91, 0xdd, 0x53, 0xda, 0xaf, 0x7b, 0xca, 0x7d, 0xba, 0xe7, 0xd3, 0x74, 0x1a, 0xc8, - 0xca, 0x00, 0xc5, 0x5c, 0x48, 0xd4, 0xaf, 0xd0, 0x80, 0x98, 0x01, 0x12, 0x8a, 0x35, 0x5f, 0xba, - 0x07, 0x48, 0xa5, 0x20, 0x56, 0x8b, 0x58, 0x06, 0xfa, 0x56, 0x0a, 0xe0, 0x63, 0xbf, 0x5f, 0x5e, - 0xa3, 0xfd, 0xf3, 0x25, 0x78, 0x6a, 0x00, 0xed, 0x6d, 0x8e, 0x62, 0x6b, 0xc0, 0x51, 0xfc, 0xbd, - 0xfd, 0x99, 0xec, 0xbf, 0x64, 0xc1, 0xf9, 0xfe, 0x8b, 0x07, 0x7a, 0x1e, 0x46, 0xd6, 0x22, 0x27, - 0x70, 0x37, 0xd8, 0x25, 0x6b, 0xb2, 0x53, 0x58, 0x5f, 0xeb, 0x66, 0x6c, 0xe2, 0xd0, 0xed, 0x2d, - 0x2f, 0xec, 0x6e, 0x60, 0xc8, 0x94, 0x31, 0xba, 0xbd, 0x5d, 0xcd, 0x02, 0x71, 0x2f, 0xbe, 0xfd, - 0x27, 0xa5, 0x7c, 0xb1, 0xb8, 0x91, 0x71, 0x90, 0xef, 0x24, 0xbe, 0x42, 0x69, 0x00, 0x5d, 0x52, - 0xbe, 0xdf, 0xba, 0xa4, 0xd2, 0x4f, 0x97, 0xa0, 0x59, 0x38, 0x6d, 0xdc, 0x47, 0xc0, 0xd3, 0x00, - 0x79, 0x98, 0x9d, 0xca, 0x8d, 0x5f, 0xce, 0xc0, 0x71, 0xcf, 0x13, 0xe8, 0x59, 0xa8, 0x79, 0x41, - 0x4c, 0xdc, 0x6e, 0xc4, 0xc3, 0x3b, 0x8d, 0xd4, 0x8b, 0x79, 0xd1, 0x8e, 0x15, 0x86, 0xfd, 0xcb, - 0x25, 0x78, 0xac, 0xaf, 0x9d, 0x75, 0x9f, 0x74, 0x97, 0xf9, 0x39, 0x2a, 0xf7, 0xe7, 0x73, 0x98, - 0x9d, 0x54, 0xdd, 0xb7, 0x93, 0x7e, 0xaf, 0xff, 0xc0, 0xa4, 0x36, 0xf7, 0xf7, 0x6d, 0x2f, 0xbd, - 0x0c, 0x27, 0x9c, 0x4e, 0x87, 0xe3, 0xb1, 0x28, 0xad, 0x4c, 0x6d, 0x8c, 0x69, 0x13, 0x88, 0xd3, - 0xb8, 0x03, 0xad, 0x9e, 0x7f, 0x68, 0x41, 0x1d, 0x93, 0x75, 0xae, 0x1d, 0xd0, 0x6d, 0xd1, 0x45, - 0x56, 0x11, 0x55, 0xf4, 0x68, 0xc7, 0xc6, 0x1e, 0xab, 0x2e, 0x97, 0xd7, 0xd9, 0xbd, 0xf7, 0x56, - 0x94, 0x0e, 0x74, 0x6f, 0x85, 0xba, 0xb9, 0xa0, 0xdc, 0xff, 0xe6, 0x02, 0xfb, 0xad, 0x61, 0xfa, - 0x7a, 0x9d, 0x70, 0x26, 0x22, 0xcd, 0x98, 0x7e, 0xdf, 0x6e, 0xe4, 0x8b, 0x41, 0xa2, 0xbe, 0xef, - 0x0d, 0xbc, 0x80, 0x69, 0x7b, 0xea, 0x28, 0xa6, 0x74, 0xa0, 0xca, 0x00, 0xe5, 0x7d, 0x2b, 0x03, - 0xbc, 0x0c, 0x27, 0xe2, 0x78, 0x63, 0x39, 0xf2, 0xb6, 0x9c, 0x84, 0x5c, 0x23, 0x3b, 0xc2, 0xca, - 0xd2, 0xd9, 0xbc, 0x2b, 0x57, 0x34, 0x10, 0xa7, 0x71, 0xd1, 0x1c, 0x8c, 0xe9, 0xfc, 0x7c, 0x12, - 0x25, 0x2c, 0xa6, 0x97, 0x8f, 0x04, 0x95, 0xba, 0xa7, 0x33, 0xfa, 0x05, 0x02, 0xee, 0x7d, 0x86, - 0xea, 0xb7, 0x54, 0x23, 0x15, 0x64, 0x28, 0xad, 0xdf, 0x52, 0x74, 0xa8, 0x2c, 0x3d, 0x4f, 0xa0, - 0x45, 0x38, 0xc3, 0x07, 0xc6, 0x74, 0xa7, 0x63, 0xbc, 0xd1, 0x70, 0xba, 0x7a, 0xd9, 0x5c, 0x2f, - 0x0a, 0xce, 0x7b, 0x0e, 0xbd, 0x08, 0x23, 0xaa, 0x79, 0x7e, 0x56, 0x9c, 0x22, 0x28, 0x2f, 0x86, - 0x22, 0x33, 0xdf, 0xc4, 0x26, 0x1e, 0xfa, 0x10, 0x3c, 0xaa, 0xff, 0xf2, 0xc4, 0x0f, 0x7e, 0xb4, - 0x36, 0x2b, 0x4a, 0x9f, 0xa8, 0x3a, 0xf9, 0x73, 0xb9, 0x68, 0x4d, 0xdc, 0xef, 0x79, 0xb4, 0x06, - 0xe7, 0x15, 0xe8, 0x52, 0x90, 0xb0, 0x28, 0xee, 0x98, 0x34, 0x9c, 0x98, 0xdc, 0x88, 0x7c, 0x56, - 0x2c, 0xa5, 0xae, 0xaf, 0x30, 0x9b, 0xf3, 0x92, 0x2b, 0x79, 0x98, 0x78, 0x01, 0xdf, 0x83, 0x0a, - 0x9a, 0x82, 0x3a, 0x09, 0x9c, 0x35, 0x9f, 0x2c, 0xcd, 0xcc, 0xb3, 0x12, 0x2a, 0xc6, 0x49, 0xde, - 0x25, 0x09, 0xc0, 0x1a, 0x47, 0xc5, 0x95, 0x8d, 0xf6, 0xbd, 0x4e, 0x6f, 0x19, 0xce, 0xb6, 0xdc, - 0x0e, 0xb5, 0x3d, 0x3c, 0x97, 0x4c, 0xbb, 0x2c, 0xb6, 0x8a, 0x7e, 0x18, 0x5e, 0x56, 0x4e, 0x05, - 0x4d, 0xce, 0xcd, 0x2c, 0xf7, 0xe0, 0xe0, 0xdc, 0x27, 0xe9, 0x1c, 0xeb, 0x44, 0xe1, 0xf6, 0xce, - 0xf8, 0x99, 0xf4, 0x1c, 0x5b, 0xa6, 0x8d, 0x98, 0xc3, 0xd0, 0x55, 0x40, 0x2c, 0x02, 0xf7, 0x4a, - 0x92, 0x74, 0x94, 0xb1, 0x33, 0x7e, 0x96, 0xbd, 0xd2, 0x79, 0xf1, 0x04, 0xba, 0xdc, 0x83, 0x81, - 0x73, 0x9e, 0xb2, 0xff, 0xc0, 0x82, 0x13, 0x6a, 0xbe, 0xde, 0x87, 0x18, 0x74, 0x3f, 0x1d, 0x83, - 0x3e, 0x77, 0x74, 0x8d, 0xc7, 0x24, 0xef, 0x13, 0xc8, 0xf8, 0x33, 0x23, 0x00, 0x5a, 0x2b, 0xaa, - 0x05, 0xc9, 0xea, 0xbb, 0x20, 0x3d, 0xb4, 0x1a, 0x29, 0xaf, 0x5e, 0x42, 0xf5, 0xc1, 0xd6, 0x4b, - 0x58, 0x81, 0x73, 0xd2, 0x5c, 0xe0, 0x67, 0x45, 0x57, 0xc2, 0x58, 0x29, 0xb8, 0x5a, 0xe3, 0x09, - 0x41, 0xe8, 0xdc, 0x7c, 0x1e, 0x12, 0xce, 0x7f, 0x36, 0x65, 0xa5, 0x0c, 0xef, 0x67, 0xa5, 0xe8, - 0x39, 0xbd, 0xb0, 0x2e, 0x0b, 0xe2, 0x67, 0xe6, 0xf4, 0xc2, 0xe5, 0x15, 0xac, 0x71, 0xf2, 0x15, - 0x7b, 0xbd, 0x20, 0xc5, 0x0e, 0x07, 0x56, 0xec, 0x52, 0xc5, 0x8c, 0xf4, 0x55, 0x31, 0xd2, 0x27, - 0x3d, 0xda, 0xd7, 0x27, 0xfd, 0x7e, 0x38, 0xe9, 0x05, 0x1b, 0x24, 0xf2, 0x12, 0xd2, 0x64, 0x73, - 0x81, 0xa9, 0x9f, 0x9a, 0x5e, 0xd6, 0xe7, 0x53, 0x50, 0x9c, 0xc1, 0x4e, 0xeb, 0xc5, 0x93, 0x03, - 0xe8, 0xc5, 0x3e, 0xab, 0xd1, 0xa9, 0x62, 0x56, 0xa3, 0xd3, 0x47, 0x5f, 0x8d, 0xc6, 0x8e, 0x75, - 0x35, 0x42, 0x85, 0xac, 0x46, 0x03, 0x29, 0x7a, 0x63, 0xfb, 0x77, 0x76, 0x9f, 0xed, 0x5f, 0xbf, - 0xa5, 0xe8, 0xdc, 0xa1, 0x97, 0xa2, 0xfc, 0x55, 0xe6, 0x91, 0x43, 0xad, 0x32, 0x9f, 0x29, 0xc1, - 0x39, 0xad, 0x87, 0xe9, 0xe8, 0xf7, 0xd6, 0xa9, 0x26, 0x62, 0x77, 0xaa, 0xf0, 0x73, 0x1b, 0x23, - 0x25, 0x42, 0x67, 0x57, 0x28, 0x08, 0x36, 0xb0, 0x58, 0x66, 0x01, 0x89, 0x58, 0xf1, 0xcc, 0xac, - 0x92, 0x9e, 0x11, 0xed, 0x58, 0x61, 0xd0, 0xf1, 0x45, 0x7f, 0x8b, 0x6c, 0xad, 0x6c, 0x89, 0xa8, - 0x19, 0x0d, 0xc2, 0x26, 0x1e, 0x7a, 0x86, 0x33, 0x61, 0x0a, 0x82, 0x2a, 0xea, 0x51, 0x71, 0xc9, - 0xa2, 0xd4, 0x09, 0x0a, 0x2a, 0xc5, 0x61, 0x29, 0x24, 0xd5, 0x5e, 0x71, 0x58, 0x08, 0x94, 0xc2, - 0xb0, 0xff, 0xbb, 0x05, 0x8f, 0xe5, 0x76, 0xc5, 0x7d, 0x58, 0x7c, 0xb7, 0xd3, 0x8b, 0xef, 0x4a, - 0x51, 0xdb, 0x0d, 0xe3, 0x2d, 0xfa, 0x2c, 0xc4, 0xff, 0xd6, 0x82, 0x93, 0x1a, 0xff, 0x3e, 0xbc, - 0xaa, 0x97, 0x7e, 0xd5, 0xe2, 0x76, 0x56, 0xf5, 0x9e, 0x77, 0xfb, 0x03, 0xf6, 0x6e, 0x3c, 0xb8, - 0x62, 0xda, 0x95, 0x45, 0x31, 0xf7, 0x39, 0x49, 0xdc, 0x81, 0x21, 0x76, 0x10, 0x1a, 0x17, 0x13, - 0xe4, 0x91, 0xe6, 0xcf, 0x0e, 0x55, 0xf5, 0x21, 0x33, 0xfb, 0x1b, 0x63, 0xc1, 0x90, 0x95, 0x76, - 0xf5, 0x62, 0xaa, 0xcd, 0x9b, 0x22, 0x19, 0x43, 0x97, 0x76, 0x15, 0xed, 0x58, 0x61, 0xd8, 0x6d, - 0x18, 0x4f, 0x13, 0x9f, 0x25, 0xeb, 0x2c, 0x70, 0x70, 0xa0, 0xd7, 0x9c, 0x82, 0xba, 0xc3, 0x9e, - 0x5a, 0xe8, 0x3a, 0xd9, 0x7b, 0x79, 0xa7, 0x25, 0x00, 0x6b, 0x1c, 0xfb, 0x57, 0x2d, 0x38, 0x93, - 0xf3, 0x32, 0x05, 0x26, 0xa1, 0x24, 0x5a, 0x0b, 0xe4, 0x2d, 0xb8, 0xef, 0x86, 0xe1, 0x26, 0x59, - 0x77, 0x64, 0x68, 0x9a, 0xa1, 0x73, 0x67, 0x79, 0x33, 0x96, 0x70, 0xfb, 0xbf, 0x5a, 0x70, 0x2a, - 0x2d, 0x6b, 0x4c, 0xb5, 0x26, 0x7f, 0x99, 0x59, 0x2f, 0x76, 0xc3, 0x2d, 0x12, 0xed, 0xd0, 0x37, - 0xe7, 0x52, 0x2b, 0xad, 0x39, 0xdd, 0x83, 0x81, 0x73, 0x9e, 0x62, 0xc5, 0x14, 0x9b, 0xaa, 0xb7, - 0xe5, 0x48, 0xb9, 0x59, 0xe4, 0x48, 0xd1, 0x1f, 0xd3, 0x3c, 0xc6, 0x56, 0x2c, 0xb1, 0xc9, 0xdf, - 0xfe, 0x4e, 0x05, 0x54, 0x96, 0x1a, 0x8b, 0x0b, 0x2a, 0x28, 0xaa, 0x2a, 0x75, 0x17, 0x51, 0x79, - 0x80, 0xbb, 0x88, 0xe4, 0x60, 0xa8, 0xdc, 0xeb, 0xa0, 0x9e, 0x7b, 0x2f, 0x4c, 0x97, 0xa2, 0x7a, - 0xc3, 0x55, 0x0d, 0xc2, 0x26, 0x1e, 0x95, 0xc4, 0xf7, 0xb6, 0x08, 0x7f, 0x68, 0x28, 0x2d, 0xc9, - 0x82, 0x04, 0x60, 0x8d, 0x43, 0x25, 0x69, 0x7a, 0xeb, 0xeb, 0x62, 0x2b, 0xae, 0x24, 0xa1, 0xbd, - 0x83, 0x19, 0x84, 0xd7, 0xc7, 0x0d, 0x37, 0x85, 0x75, 0x6a, 0xd4, 0xc7, 0x0d, 0x37, 0x31, 0x83, - 0x50, 0x7b, 0x2a, 0x08, 0xa3, 0x36, 0xbb, 0x37, 0xb9, 0xa9, 0xb8, 0x08, 0xab, 0x54, 0xd9, 0x53, - 0xd7, 0x7b, 0x51, 0x70, 0xde, 0x73, 0x74, 0x04, 0x76, 0x22, 0xd2, 0xf4, 0xdc, 0xc4, 0xa4, 0x06, - 0xe9, 0x11, 0xb8, 0xdc, 0x83, 0x81, 0x73, 0x9e, 0x42, 0xd3, 0x70, 0x4a, 0x66, 0x19, 0xca, 0x1a, - 0x12, 0x23, 0xe9, 0x9c, 0x75, 0x9c, 0x06, 0xe3, 0x2c, 0x3e, 0xd5, 0x36, 0x6d, 0x51, 0x3e, 0x86, - 0x19, 0xb1, 0x86, 0xb6, 0x91, 0x65, 0x65, 0xb0, 0xc2, 0xb0, 0x3f, 0x55, 0xa6, 0xab, 0x63, 0x9f, - 0xb2, 0x49, 0xf7, 0x2d, 0x8a, 0x2f, 0x3d, 0x22, 0x2b, 0x03, 0x8c, 0xc8, 0x17, 0x60, 0xf4, 0x76, - 0x1c, 0x06, 0x2a, 0x42, 0xae, 0xda, 0x37, 0x42, 0xce, 0xc0, 0xca, 0x8f, 0x90, 0x1b, 0x2a, 0x2a, - 0x42, 0x6e, 0xf8, 0x90, 0x11, 0x72, 0xdf, 0xaa, 0x82, 0x2a, 0xd4, 0x7f, 0x9d, 0x24, 0x77, 0xc2, - 0x68, 0xd3, 0x0b, 0x5a, 0x2c, 0x3b, 0xf3, 0xeb, 0x16, 0x8c, 0xf2, 0xf9, 0xb2, 0x60, 0x66, 0x38, - 0xad, 0x17, 0x54, 0x01, 0x3e, 0xc5, 0x6c, 0x72, 0xd5, 0x60, 0x94, 0xb9, 0x5f, 0xce, 0x04, 0xe1, - 0x94, 0x44, 0xe8, 0xe3, 0x00, 0xd2, 0x6f, 0xb9, 0x2e, 0x55, 0xe6, 0x7c, 0x31, 0xf2, 0x61, 0xb2, - 0xae, 0x6d, 0xd3, 0x55, 0xc5, 0x04, 0x1b, 0x0c, 0xd1, 0x67, 0xb2, 0xf7, 0xca, 0x7f, 0xf4, 0x58, - 0xfa, 0x66, 0x90, 0xdc, 0x2f, 0x0c, 0xc3, 0x5e, 0xd0, 0xa2, 0xe3, 0x44, 0x44, 0x12, 0xbd, 0x2b, - 0x2f, 0xb3, 0x79, 0x21, 0x74, 0x9a, 0x0d, 0xc7, 0x77, 0x02, 0x97, 0x44, 0xf3, 0x1c, 0xdd, 0xbc, - 0x55, 0x95, 0x35, 0x60, 0x49, 0xa8, 0xe7, 0x8a, 0x83, 0xea, 0x20, 0x57, 0x1c, 0x9c, 0xff, 0x00, - 0x8c, 0xf5, 0x7c, 0xcc, 0x03, 0xa5, 0x7a, 0x1d, 0x3e, 0x4b, 0xcc, 0xfe, 0xa7, 0x43, 0x7a, 0xd1, - 0xba, 0x1e, 0x36, 0x79, 0xa1, 0xfd, 0x48, 0x7f, 0x51, 0x61, 0x7b, 0x16, 0x38, 0x44, 0x8c, 0x9b, - 0x59, 0x55, 0x23, 0x36, 0x59, 0xd2, 0x31, 0xda, 0x71, 0x22, 0x12, 0x1c, 0xf7, 0x18, 0x5d, 0x56, - 0x4c, 0xb0, 0xc1, 0x10, 0x6d, 0xa4, 0x72, 0x3d, 0x2e, 0x1f, 0x3d, 0xd7, 0x83, 0xd5, 0x7c, 0xc9, - 0xab, 0x8d, 0xfd, 0x25, 0x0b, 0x4e, 0x06, 0xa9, 0x91, 0x5b, 0x4c, 0x78, 0x67, 0xfe, 0xac, 0xe0, - 0xf7, 0xbc, 0xa4, 0xdb, 0x70, 0x86, 0x7f, 0xde, 0x92, 0x56, 0x3d, 0xe0, 0x92, 0xa6, 0x6f, 0xec, - 0x18, 0xea, 0x77, 0x63, 0x07, 0x0a, 0xd4, 0x95, 0x45, 0xc3, 0x85, 0x5f, 0x59, 0x04, 0x39, 0xd7, - 0x15, 0xdd, 0x82, 0xba, 0x1b, 0x11, 0x27, 0x39, 0xe4, 0xed, 0x35, 0xec, 0xe0, 0x7c, 0x46, 0x12, - 0xc0, 0x9a, 0x96, 0xfd, 0xbf, 0x2b, 0x70, 0x5a, 0xf6, 0x88, 0x0c, 0x0d, 0xa7, 0xeb, 0x23, 0xe7, - 0xab, 0x8d, 0x5b, 0xb5, 0x3e, 0x5e, 0x91, 0x00, 0xac, 0x71, 0xa8, 0x3d, 0xd6, 0x8d, 0xc9, 0x52, - 0x87, 0x04, 0x0b, 0xde, 0x5a, 0x2c, 0xce, 0x1f, 0xd5, 0x44, 0xb9, 0xa1, 0x41, 0xd8, 0xc4, 0xa3, - 0xc6, 0x38, 0xb7, 0x8b, 0xe3, 0x6c, 0x5a, 0x89, 0xb0, 0xb7, 0xb1, 0x84, 0xa3, 0x5f, 0xc8, 0xad, - 0xe3, 0x58, 0x4c, 0x42, 0x55, 0x4f, 0x44, 0xfc, 0x01, 0x2f, 0x3c, 0xfb, 0x1b, 0x16, 0x9c, 0xe3, - 0xad, 0xb2, 0x27, 0x6f, 0x74, 0x9a, 0x4e, 0x42, 0xe2, 0x62, 0xea, 0x2a, 0xe7, 0xc8, 0xa7, 0x9d, - 0xaf, 0x79, 0x6c, 0x71, 0xbe, 0x34, 0xe8, 0x8b, 0x16, 0x9c, 0xda, 0x4c, 0x65, 0xe0, 0xcb, 0xa5, - 0xe3, 0x88, 0xb5, 0x62, 0xd2, 0x69, 0xfd, 0x7a, 0xaa, 0xa5, 0xdb, 0x63, 0x9c, 0xe5, 0x6e, 0xff, - 0x89, 0x05, 0xa6, 0x1a, 0x1d, 0xcc, 0x02, 0x34, 0xae, 0x98, 0x2d, 0xed, 0x73, 0xc5, 0xac, 0x34, - 0x16, 0xcb, 0x83, 0x6d, 0x4e, 0x2a, 0x07, 0xd8, 0x9c, 0x54, 0xfb, 0x5a, 0x97, 0x4f, 0x40, 0xb9, - 0xeb, 0x35, 0xc5, 0xfe, 0x42, 0x9f, 0x8a, 0xce, 0xcf, 0x62, 0xda, 0x6e, 0xff, 0xa3, 0xaa, 0xf6, - 0x27, 0x88, 0x7c, 0xa5, 0xef, 0x8b, 0xd7, 0x5e, 0x57, 0xa5, 0x7f, 0xf8, 0x9b, 0x5f, 0xef, 0x29, - 0xfd, 0xf3, 0x23, 0x07, 0x4f, 0x47, 0xe3, 0x1d, 0xd4, 0xaf, 0xf2, 0xcf, 0xf0, 0x3e, 0xb9, 0x68, - 0xb7, 0xa1, 0x46, 0xb7, 0x60, 0xcc, 0x31, 0x58, 0x4b, 0x09, 0x55, 0xbb, 0x22, 0xda, 0xef, 0xee, - 0x4e, 0xfc, 0xf0, 0xc1, 0xc5, 0x92, 0x4f, 0x63, 0x45, 0x1f, 0xc5, 0x50, 0xa7, 0xbf, 0x59, 0xda, - 0x9c, 0xd8, 0xdc, 0xdd, 0x50, 0x3a, 0x53, 0x02, 0x0a, 0xc9, 0xc9, 0xd3, 0x7c, 0x50, 0x00, 0x75, - 0x76, 0x37, 0x24, 0x63, 0xca, 0xf7, 0x80, 0xcb, 0x2a, 0x79, 0x4d, 0x02, 0xee, 0xee, 0x4e, 0xbc, - 0x7c, 0x70, 0xa6, 0xea, 0x71, 0xac, 0x59, 0xd8, 0x5f, 0xae, 0xe8, 0xb1, 0x2b, 0x2a, 0x3e, 0x7d, - 0x5f, 0x8c, 0xdd, 0x97, 0x32, 0x63, 0xf7, 0x42, 0xcf, 0xd8, 0x3d, 0xa9, 0xef, 0x30, 0x4c, 0x8d, - 0xc6, 0xfb, 0x6d, 0x08, 0xec, 0xef, 0x6f, 0x60, 0x16, 0xd0, 0x1b, 0x5d, 0x2f, 0x22, 0xf1, 0x72, - 0xd4, 0x0d, 0xbc, 0xa0, 0x25, 0xee, 0xa6, 0x37, 0x2c, 0xa0, 0x14, 0x18, 0x67, 0xf1, 0xd9, 0xbd, - 0xf6, 0x3b, 0x81, 0x7b, 0xcb, 0xd9, 0xe2, 0xa3, 0xca, 0x28, 0x82, 0xb3, 0x22, 0xda, 0xb1, 0xc2, - 0xb0, 0xdf, 0x62, 0x67, 0xcc, 0x46, 0xbe, 0x2e, 0x1d, 0x13, 0x3e, 0xbb, 0x8c, 0x93, 0x57, 0xd0, - 0x51, 0x63, 0x82, 0xdf, 0xc0, 0xc9, 0x61, 0xe8, 0x0e, 0x0c, 0xaf, 0xf1, 0xdb, 0xa8, 0x8a, 0xa9, - 0x16, 0x2c, 0xae, 0xb6, 0x62, 0x77, 0x0e, 0xc8, 0x7b, 0xae, 0xee, 0xea, 0x9f, 0x58, 0x72, 0xb3, - 0xbf, 0x59, 0x81, 0x53, 0x99, 0xeb, 0x1a, 0x53, 0xb5, 0x0b, 0x4b, 0xfb, 0xd6, 0x2e, 0xfc, 0x08, - 0x40, 0x93, 0x74, 0xfc, 0x70, 0x87, 0x99, 0x63, 0x95, 0x03, 0x9b, 0x63, 0xca, 0x82, 0x9f, 0x55, - 0x54, 0xb0, 0x41, 0x51, 0x94, 0x0d, 0xe2, 0xa5, 0x10, 0x33, 0x65, 0x83, 0x8c, 0x9a, 0xe2, 0x43, - 0xf7, 0xb7, 0xa6, 0xb8, 0x07, 0xa7, 0xb8, 0x88, 0x2a, 0x2b, 0xf6, 0x10, 0xc9, 0xaf, 0x2c, 0xaf, - 0x60, 0x36, 0x4d, 0x06, 0x67, 0xe9, 0x3e, 0xc8, 0xdb, 0x58, 0xd1, 0x7b, 0xa0, 0x2e, 0xbf, 0x73, - 0x3c, 0x5e, 0xd7, 0x95, 0x05, 0xe4, 0x30, 0x60, 0xb7, 0xa4, 0x8a, 0x9f, 0xf6, 0x17, 0x4a, 0xd4, - 0x7a, 0xe6, 0xff, 0x54, 0x85, 0x98, 0xa7, 0x61, 0xc8, 0xe9, 0x26, 0x1b, 0x61, 0xcf, 0x8d, 0x56, - 0xd3, 0xac, 0x15, 0x0b, 0x28, 0x5a, 0x80, 0x4a, 0x53, 0x57, 0xfd, 0x38, 0x48, 0x2f, 0x6a, 0x47, - 0xa4, 0x93, 0x10, 0xcc, 0xa8, 0xa0, 0xc7, 0xa1, 0x92, 0x38, 0x2d, 0x99, 0x80, 0xc4, 0x92, 0x4e, - 0x57, 0x9d, 0x56, 0x8c, 0x59, 0xab, 0xb9, 0x68, 0x56, 0xf6, 0x59, 0x34, 0x5f, 0x86, 0x13, 0xb1, - 0xd7, 0x0a, 0x9c, 0xa4, 0x1b, 0x11, 0xe3, 0xd0, 0x4b, 0xc7, 0x31, 0x98, 0x40, 0x9c, 0xc6, 0xb5, - 0x7f, 0x73, 0x14, 0xce, 0xae, 0xcc, 0x2c, 0xca, 0x0a, 0xb6, 0xc7, 0x96, 0x43, 0x94, 0xc7, 0xe3, - 0xfe, 0xe5, 0x10, 0xf5, 0xe1, 0xee, 0x1b, 0x39, 0x44, 0xbe, 0x91, 0x43, 0x94, 0x4e, 0xe8, 0x28, - 0x17, 0x91, 0xd0, 0x91, 0x27, 0xc1, 0x20, 0x09, 0x1d, 0xc7, 0x96, 0x54, 0x74, 0x4f, 0x81, 0x0e, - 0x94, 0x54, 0xa4, 0x32, 0xae, 0x0a, 0x09, 0xb5, 0xef, 0xf3, 0xa9, 0x72, 0x33, 0xae, 0x54, 0xb6, - 0x0b, 0x4f, 0x23, 0x11, 0x0a, 0xf6, 0xb5, 0xe2, 0x05, 0x18, 0x20, 0xdb, 0x45, 0x64, 0xb2, 0x98, - 0x19, 0x56, 0xc3, 0x45, 0x64, 0x58, 0xe5, 0x89, 0xb3, 0x6f, 0x86, 0xd5, 0xcb, 0x70, 0xc2, 0xf5, - 0xc3, 0x80, 0x2c, 0x47, 0x61, 0x12, 0xba, 0xa1, 0x2f, 0x8c, 0x69, 0xa5, 0x12, 0x66, 0x4c, 0x20, - 0x4e, 0xe3, 0xf6, 0x4b, 0xcf, 0xaa, 0x1f, 0x35, 0x3d, 0x0b, 0x1e, 0x50, 0x7a, 0xd6, 0xcf, 0xea, - 0x44, 0xe2, 0x11, 0xf6, 0x45, 0x3e, 0x52, 0xfc, 0x17, 0x19, 0x24, 0x9b, 0x18, 0x7d, 0x95, 0x5f, - 0x29, 0x45, 0xcd, 0xd1, 0x99, 0xb0, 0x4d, 0xcd, 0xad, 0x51, 0xd6, 0x25, 0xaf, 0x1f, 0xc3, 0x80, - 0xbd, 0xb5, 0xa2, 0xd9, 0xa8, 0x6b, 0xa6, 0x74, 0x13, 0x4e, 0x0b, 0x72, 0x94, 0x44, 0xe7, 0xaf, - 0x95, 0xe0, 0x07, 0xf6, 0x15, 0x01, 0xdd, 0x01, 0x48, 0x9c, 0x96, 0x18, 0xa8, 0xe2, 0x98, 0xe2, - 0x88, 0xc1, 0x86, 0xab, 0x92, 0x1e, 0xaf, 0xd0, 0xa1, 0xfe, 0xb2, 0x03, 0x00, 0xf9, 0x9b, 0xc5, - 0x18, 0x86, 0x7e, 0x4f, 0x35, 0x42, 0x1c, 0xfa, 0x04, 0x33, 0x08, 0x5d, 0xfe, 0x23, 0xd2, 0xd2, - 0x77, 0xa0, 0xaa, 0xcf, 0x87, 0x59, 0x2b, 0x16, 0x50, 0xf4, 0x22, 0x8c, 0x38, 0xbe, 0xcf, 0xb3, - 0x45, 0xd8, 0x95, 0x24, 0x29, 0x9f, 0xd9, 0xb4, 0x06, 0x61, 0x13, 0xcf, 0xfe, 0xe3, 0x12, 0x4c, - 0xec, 0xa3, 0x53, 0x7a, 0xf2, 0xdf, 0xaa, 0x03, 0xe7, 0xbf, 0x89, 0x88, 0xfd, 0xa1, 0x3e, 0x11, - 0xfb, 0x2f, 0xc2, 0x48, 0x42, 0x9c, 0xb6, 0x08, 0x4f, 0x12, 0xfb, 0x6f, 0x7d, 0xee, 0xaa, 0x41, - 0xd8, 0xc4, 0xa3, 0x5a, 0xec, 0xa4, 0xe3, 0xba, 0x24, 0x8e, 0x65, 0x48, 0xbe, 0xf0, 0x61, 0x16, - 0x16, 0xef, 0xcf, 0x5c, 0xc3, 0xd3, 0x29, 0x16, 0x38, 0xc3, 0x32, 0xdb, 0xe1, 0xf5, 0x01, 0x3b, - 0xfc, 0x1b, 0x25, 0x78, 0xe2, 0x9e, 0xab, 0xdb, 0xc0, 0xd9, 0x12, 0xdd, 0x98, 0x44, 0xd9, 0x81, - 0x73, 0x23, 0x26, 0x11, 0x66, 0x10, 0xde, 0x4b, 0x9d, 0x8e, 0x71, 0xc7, 0x6c, 0xd1, 0xa9, 0x3c, - 0xbc, 0x97, 0x52, 0x2c, 0x70, 0x86, 0xe5, 0x61, 0x87, 0xe5, 0xdf, 0x29, 0xc1, 0x53, 0x03, 0xd8, - 0x00, 0x05, 0xa6, 0x3c, 0xa5, 0x13, 0xcf, 0xca, 0x0f, 0x28, 0x3f, 0xf0, 0x90, 0xdd, 0xf5, 0x56, - 0x09, 0xce, 0xf7, 0x5f, 0x8a, 0xd1, 0x8f, 0xd2, 0x3d, 0xbc, 0x8c, 0x49, 0x32, 0x73, 0xd6, 0xce, - 0xf0, 0xfd, 0x7b, 0x0a, 0x84, 0xb3, 0xb8, 0x68, 0x12, 0xa0, 0xe3, 0x24, 0x1b, 0xf1, 0xa5, 0x6d, - 0x2f, 0x4e, 0x44, 0x4d, 0x96, 0x93, 0xfc, 0xc4, 0x48, 0xb6, 0x62, 0x03, 0x83, 0xb2, 0x63, 0xff, - 0x66, 0xc3, 0xeb, 0x61, 0xc2, 0x1f, 0xe2, 0xdb, 0x88, 0x33, 0xb2, 0x6e, 0xbd, 0x01, 0xc2, 0x59, - 0x5c, 0xca, 0x8e, 0x9d, 0x49, 0x72, 0x41, 0xf9, 0xfe, 0x82, 0xb1, 0x5b, 0x50, 0xad, 0xd8, 0xc0, - 0xc8, 0x66, 0xe3, 0x55, 0xf7, 0xcf, 0xc6, 0xb3, 0xff, 0x61, 0x09, 0x1e, 0xeb, 0x6b, 0xca, 0x0d, - 0x36, 0x01, 0x1f, 0xbe, 0x0c, 0xba, 0xc3, 0x8d, 0x9d, 0x03, 0x66, 0x7a, 0xfd, 0x61, 0x9f, 0x91, - 0x26, 0x32, 0xbd, 0x0e, 0x9f, 0x2a, 0xfd, 0xf0, 0xf5, 0x67, 0x4f, 0x72, 0x57, 0xe5, 0x00, 0xc9, - 0x5d, 0x99, 0x8f, 0x51, 0x1d, 0x70, 0x22, 0xff, 0xdf, 0xfe, 0xdd, 0x4b, 0xb7, 0x7e, 0x03, 0x79, - 0x47, 0x67, 0xe1, 0xb4, 0x17, 0xb0, 0x3b, 0x4c, 0x56, 0xba, 0x6b, 0xa2, 0x4c, 0x47, 0x29, 0x7d, - 0x83, 0xf0, 0x7c, 0x06, 0x8e, 0x7b, 0x9e, 0x78, 0x08, 0x93, 0xed, 0x0e, 0xd7, 0xa5, 0x07, 0x4c, - 0xf7, 0xfc, 0x08, 0xd4, 0x95, 0x24, 0x3c, 0xdc, 0x58, 0x7d, 0xfe, 0x9e, 0x70, 0x63, 0xf5, 0xed, - 0x0d, 0x2c, 0xda, 0x6f, 0xd4, 0x38, 0xcd, 0x8c, 0xe3, 0x6b, 0x64, 0x87, 0x59, 0xaa, 0xf6, 0x7b, - 0x61, 0x54, 0x79, 0x3c, 0x06, 0xbd, 0xd6, 0xc2, 0xfe, 0xf2, 0x10, 0x9c, 0x48, 0x15, 0xad, 0x4b, - 0x39, 0x18, 0xad, 0x7d, 0x1d, 0x8c, 0x2c, 0x7c, 0xbc, 0x1b, 0xc8, 0x3b, 0x6f, 0x8c, 0xf0, 0xf1, - 0x6e, 0x40, 0x30, 0x87, 0x51, 0x43, 0xb3, 0x19, 0xed, 0xe0, 0x6e, 0x20, 0xc2, 0x3c, 0x95, 0xa1, - 0x39, 0xcb, 0x5a, 0xb1, 0x80, 0xa2, 0x4f, 0x5a, 0x30, 0x1a, 0x33, 0xef, 0x35, 0x77, 0xcf, 0x8a, - 0xcf, 0x7f, 0xf5, 0xe8, 0x35, 0xf9, 0x54, 0x81, 0x46, 0x16, 0x21, 0x62, 0xb6, 0xe0, 0x14, 0x47, - 0xf4, 0xd3, 0x16, 0xd4, 0x55, 0x69, 0x7e, 0x71, 0x31, 0xd5, 0x4a, 0xb1, 0x35, 0x01, 0xb9, 0x5f, - 0x4f, 0x1d, 0x04, 0xe8, 0xbb, 0xb6, 0x35, 0x63, 0x14, 0x2b, 0xdf, 0xe9, 0xf0, 0xf1, 0xf8, 0x4e, - 0x21, 0xc7, 0x6f, 0xfa, 0x1e, 0xa8, 0xb7, 0x9d, 0xc0, 0x5b, 0x27, 0x71, 0xc2, 0xdd, 0x99, 0xb2, - 0x54, 0xa9, 0x6c, 0xc4, 0x1a, 0x4e, 0x97, 0xc6, 0x98, 0xbd, 0x58, 0x62, 0xf8, 0x1f, 0xd9, 0xd2, - 0xb8, 0xa2, 0x9b, 0xb1, 0x89, 0x63, 0x3a, 0x4b, 0xe1, 0x81, 0x3a, 0x4b, 0x47, 0xf6, 0x71, 0x96, - 0xfe, 0x3d, 0x0b, 0xce, 0xe5, 0x7e, 0xb5, 0x87, 0x37, 0xf0, 0xcf, 0xfe, 0x4a, 0x15, 0xce, 0xe4, - 0x54, 0x9f, 0x44, 0x3b, 0xe6, 0x78, 0xb6, 0x8a, 0x38, 0x43, 0x4f, 0x1f, 0x09, 0xcb, 0x6e, 0xcc, - 0x19, 0xc4, 0x07, 0x3b, 0xaa, 0xd0, 0xc7, 0x05, 0xe5, 0xfb, 0x7b, 0x5c, 0x60, 0x0c, 0xcb, 0xca, - 0x03, 0x1d, 0x96, 0xd5, 0x7b, 0x0f, 0x4b, 0xf4, 0x6b, 0x16, 0x8c, 0xb7, 0xfb, 0x94, 0x3c, 0x17, - 0x2e, 0xc0, 0x9b, 0xc7, 0x53, 0x50, 0xbd, 0xf1, 0xf8, 0xde, 0xee, 0x44, 0xdf, 0x4a, 0xf3, 0xb8, - 0xaf, 0x54, 0xf6, 0x77, 0xca, 0xc0, 0x4a, 0x9f, 0xb2, 0x0a, 0x63, 0x3b, 0xe8, 0x13, 0x66, 0x11, - 0x5b, 0xab, 0xa8, 0x82, 0xab, 0x9c, 0xb8, 0x2a, 0x82, 0xcb, 0x7b, 0x30, 0xaf, 0x26, 0x6e, 0x56, - 0x69, 0x95, 0x06, 0x50, 0x5a, 0xbe, 0xac, 0x16, 0x5c, 0x2e, 0xbe, 0x5a, 0x70, 0x3d, 0x5b, 0x29, - 0xf8, 0xde, 0x9f, 0xb8, 0xf2, 0x50, 0x7e, 0xe2, 0xbf, 0x66, 0x71, 0xc5, 0x93, 0xf9, 0x0a, 0xda, - 0x32, 0xb0, 0xee, 0x61, 0x19, 0x3c, 0xcb, 0x6e, 0x4d, 0x5f, 0xbf, 0x42, 0x1c, 0x5f, 0x58, 0x10, - 0xe6, 0x05, 0xe8, 0xac, 0x1d, 0x2b, 0x0c, 0x76, 0x89, 0xa0, 0xef, 0x87, 0x77, 0x2e, 0xb5, 0x3b, - 0xc9, 0x8e, 0xb0, 0x25, 0xf4, 0x25, 0x82, 0x0a, 0x82, 0x0d, 0x2c, 0xfb, 0xaf, 0x97, 0xf8, 0x08, - 0x14, 0x41, 0x00, 0x2f, 0x65, 0xae, 0x7d, 0x1a, 0xfc, 0xfc, 0xfc, 0x63, 0x00, 0xae, 0xba, 0x30, - 0x59, 0x9c, 0xce, 0x5c, 0x39, 0xf2, 0x6d, 0xae, 0x82, 0x9e, 0x7e, 0x0d, 0xdd, 0x86, 0x0d, 0x7e, - 0x29, 0x5d, 0x5a, 0xde, 0x57, 0x97, 0xa6, 0xd4, 0x4a, 0x65, 0x9f, 0xd5, 0xee, 0x8f, 0x2d, 0x48, - 0x59, 0x44, 0xa8, 0x03, 0x55, 0x2a, 0xee, 0x4e, 0x31, 0x77, 0x41, 0x9b, 0xa4, 0xa9, 0x6a, 0x14, - 0xc3, 0x9e, 0xfd, 0xc4, 0x9c, 0x11, 0xf2, 0x45, 0xac, 0x40, 0xa9, 0x88, 0xfb, 0xca, 0x4d, 0x86, - 0x57, 0xc2, 0x70, 0x93, 0x1f, 0x31, 0xea, 0xb8, 0x03, 0xfb, 0x25, 0x18, 0xeb, 0x11, 0x8a, 0xdd, - 0xf0, 0x12, 0xca, 0x0b, 0xb0, 0x8d, 0xe1, 0xca, 0x12, 0x0b, 0x31, 0x87, 0xd9, 0x6f, 0x59, 0x70, - 0x3a, 0x4b, 0x1e, 0x7d, 0xd5, 0x82, 0xb1, 0x38, 0x4b, 0xef, 0xb8, 0xfa, 0x4e, 0xc5, 0xfb, 0xf5, - 0x80, 0x70, 0xaf, 0x10, 0xf6, 0xff, 0x11, 0x83, 0xff, 0x96, 0x17, 0x34, 0xc3, 0x3b, 0xca, 0x30, - 0xb1, 0xfa, 0x1a, 0x26, 0x74, 0x3e, 0xba, 0x1b, 0xa4, 0xd9, 0xf5, 0x7b, 0x32, 0x1a, 0x57, 0x44, - 0x3b, 0x56, 0x18, 0x2c, 0x81, 0xab, 0x2b, 0xca, 0x89, 0x67, 0x06, 0xe5, 0xac, 0x68, 0xc7, 0x0a, - 0x03, 0xbd, 0x00, 0xa3, 0xe6, 0x25, 0xef, 0x62, 0x5c, 0x32, 0x83, 0xdc, 0xbc, 0x0f, 0x1e, 0xa7, - 0xb0, 0xd0, 0x24, 0x80, 0x32, 0x72, 0xe4, 0x12, 0xc9, 0x5c, 0x36, 0x4a, 0x13, 0xc5, 0xd8, 0xc0, - 0x60, 0xe9, 0x92, 0xfc, 0x26, 0x75, 0x19, 0x15, 0xcb, 0xd3, 0x25, 0x45, 0x1b, 0x56, 0x50, 0xaa, - 0x4d, 0xda, 0x4e, 0xd0, 0x75, 0x7c, 0xda, 0x43, 0x22, 0xc7, 0x5b, 0x4d, 0xc3, 0x45, 0x05, 0xc1, - 0x06, 0x16, 0x7d, 0xe3, 0xc4, 0x6b, 0x93, 0x57, 0xc3, 0x40, 0xc6, 0x69, 0xe9, 0x03, 0x18, 0xd1, - 0x8e, 0x15, 0x86, 0xfd, 0x9f, 0x2d, 0x38, 0xa5, 0x93, 0xaf, 0xf9, 0x5d, 0xae, 0xe6, 0x9e, 0xd1, - 0xda, 0x37, 0xaf, 0x3c, 0x9d, 0x95, 0x5a, 0x1a, 0x28, 0x2b, 0xd5, 0x4c, 0x18, 0x2d, 0xdf, 0x33, - 0x61, 0xf4, 0x07, 0xf5, 0x3d, 0x81, 0x3c, 0xb3, 0x74, 0x24, 0xef, 0x8e, 0x40, 0x64, 0xc3, 0x90, - 0xeb, 0xa8, 0xca, 0x23, 0xa3, 0x7c, 0xef, 0x30, 0x33, 0xcd, 0x90, 0x04, 0xc4, 0x5e, 0x82, 0xba, - 0x3a, 0x87, 0x90, 0x1b, 0x55, 0x2b, 0x7f, 0xa3, 0x3a, 0x50, 0x82, 0x5c, 0x63, 0xed, 0x9b, 0xdf, - 0x7d, 0xf2, 0x1d, 0xbf, 0xf3, 0xdd, 0x27, 0xdf, 0xf1, 0xfb, 0xdf, 0x7d, 0xf2, 0x1d, 0x9f, 0xdc, - 0x7b, 0xd2, 0xfa, 0xe6, 0xde, 0x93, 0xd6, 0xef, 0xec, 0x3d, 0x69, 0xfd, 0xfe, 0xde, 0x93, 0xd6, - 0x77, 0xf6, 0x9e, 0xb4, 0xbe, 0xf4, 0x1f, 0x9e, 0x7c, 0xc7, 0xab, 0xb9, 0x81, 0x7a, 0xf4, 0xc7, - 0x73, 0x6e, 0x73, 0x6a, 0xeb, 0x22, 0x8b, 0x15, 0xa3, 0xd3, 0x6b, 0xca, 0x18, 0x53, 0x53, 0x72, - 0x7a, 0xfd, 0xff, 0x00, 0x00, 0x00, 0xff, 0xff, 0xe1, 0x5f, 0x0c, 0xde, 0x1c, 0xd9, 0x00, 0x00, + 0xcf, 0x39, 0x17, 0x16, 0x5a, 0x5e, 0xba, 0xd1, 0x59, 0x9b, 0x74, 0xc3, 0xf6, 0x94, 0x13, 0xb7, + 0xc2, 0x28, 0x0e, 0x6f, 0xb3, 0x1f, 0xcf, 0xb9, 0xcd, 0xa9, 0xad, 0x8b, 0x53, 0xd1, 0x66, 0x6b, + 0xca, 0x89, 0xbc, 0x64, 0xca, 0x89, 0x22, 0xdf, 0x73, 0x9d, 0xd4, 0x0b, 0x83, 0xa9, 0xad, 0xe7, + 0x1d, 0x3f, 0xda, 0x70, 0x9e, 0x9f, 0x6a, 0x91, 0x80, 0xc4, 0x4e, 0x4a, 0x9a, 0x93, 0x51, 0x1c, + 0xa6, 0x21, 0xfa, 0x11, 0x4d, 0x6d, 0x52, 0x52, 0x63, 0x3f, 0x5e, 0x77, 0x9b, 0x93, 0x5b, 0x17, + 0x27, 0xa3, 0xcd, 0xd6, 0x24, 0xa5, 0x36, 0x69, 0x50, 0x9b, 0x94, 0xd4, 0xce, 0x3f, 0x67, 0xc8, + 0xd2, 0x0a, 0x5b, 0xe1, 0x14, 0x23, 0xba, 0xd6, 0x59, 0x67, 0xff, 0xd8, 0x1f, 0xf6, 0x8b, 0x33, + 0x3b, 0x6f, 0x6f, 0xbe, 0x94, 0x4c, 0x7a, 0x21, 0x15, 0x6f, 0xca, 0x0d, 0x63, 0x32, 0xb5, 0xd5, + 0x25, 0xd0, 0xf9, 0x2b, 0x1a, 0x87, 0x6c, 0xa7, 0x24, 0x48, 0xbc, 0x30, 0x48, 0x9e, 0xa3, 0x22, + 0x90, 0x78, 0x8b, 0xc4, 0xe6, 0xeb, 0x19, 0x08, 0xbd, 0x28, 0xbd, 0xa0, 0x29, 0xb5, 0x1d, 0x77, + 0xc3, 0x0b, 0x48, 0xbc, 0xa3, 0x1f, 0x6f, 0x93, 0xd4, 0xe9, 0xf5, 0xd4, 0x54, 0xbf, 0xa7, 0xe2, + 0x4e, 0x90, 0x7a, 0x6d, 0xd2, 0xf5, 0xc0, 0xfb, 0xf6, 0x7b, 0x20, 0x71, 0x37, 0x48, 0xdb, 0xe9, + 0x7a, 0xee, 0xbd, 0xfd, 0x9e, 0xeb, 0xa4, 0x9e, 0x3f, 0xe5, 0x05, 0x69, 0x92, 0xc6, 0xf9, 0x87, + 0xec, 0x37, 0xe0, 0xc4, 0xf4, 0xad, 0x95, 0xe9, 0x4e, 0xba, 0x31, 0x13, 0x06, 0xeb, 0x5e, 0x0b, + 0xbd, 0x08, 0x23, 0xae, 0xdf, 0x49, 0x52, 0x12, 0x5f, 0x77, 0xda, 0x64, 0xdc, 0xba, 0x60, 0x3d, + 0x53, 0x6f, 0x9c, 0xf9, 0xe6, 0xee, 0xc4, 0x3b, 0xf6, 0x76, 0x27, 0x46, 0x66, 0x34, 0x08, 0x9b, + 0x78, 0xe8, 0xdd, 0x30, 0x1c, 0x87, 0x3e, 0x99, 0xc6, 0xd7, 0xc7, 0x4b, 0xec, 0x91, 0x53, 0xe2, + 0x91, 0x61, 0xcc, 0x9b, 0xb1, 0x84, 0xdb, 0xbf, 0x5f, 0x02, 0x98, 0x8e, 0xa2, 0xe5, 0x38, 0xbc, + 0x4d, 0xdc, 0x14, 0x7d, 0x14, 0x6a, 0xb4, 0xeb, 0x9a, 0x4e, 0xea, 0x30, 0x6e, 0x23, 0x17, 0x7f, + 0x68, 0x92, 0xbf, 0xc9, 0xa4, 0xf9, 0x26, 0x7a, 0xe0, 0x50, 0xec, 0xc9, 0xad, 0xe7, 0x27, 0x97, + 0xd6, 0xe8, 0xf3, 0x8b, 0x24, 0x75, 0x1a, 0x48, 0x30, 0x03, 0xdd, 0x86, 0x15, 0x55, 0x14, 0x40, + 0x25, 0x89, 0x88, 0xcb, 0x04, 0x1b, 0xb9, 0xb8, 0x30, 0x79, 0x94, 0x11, 0x3a, 0xa9, 0x25, 0x5f, + 0x89, 0x88, 0xdb, 0x18, 0x15, 0x9c, 0x2b, 0xf4, 0x1f, 0x66, 0x7c, 0xd0, 0x16, 0x0c, 0x25, 0xa9, + 0x93, 0x76, 0x92, 0xf1, 0x32, 0xe3, 0x78, 0xbd, 0x30, 0x8e, 0x8c, 0x6a, 0xe3, 0xa4, 0xe0, 0x39, + 0xc4, 0xff, 0x63, 0xc1, 0xcd, 0xfe, 0x23, 0x0b, 0x4e, 0x6a, 0xe4, 0x05, 0x2f, 0x49, 0xd1, 0x8f, + 0x77, 0x75, 0xee, 0xe4, 0x60, 0x9d, 0x4b, 0x9f, 0x66, 0x5d, 0x7b, 0x5a, 0x30, 0xab, 0xc9, 0x16, + 0xa3, 0x63, 0xdb, 0x50, 0xf5, 0x52, 0xd2, 0x4e, 0xc6, 0x4b, 0x17, 0xca, 0xcf, 0x8c, 0x5c, 0xbc, + 0x52, 0xd4, 0x7b, 0x36, 0x4e, 0x08, 0xa6, 0xd5, 0x79, 0x4a, 0x1e, 0x73, 0x2e, 0xf6, 0xaf, 0x8e, + 0x9a, 0xef, 0x47, 0x3b, 0x1c, 0x3d, 0x0f, 0x23, 0x49, 0xd8, 0x89, 0x5d, 0x82, 0x49, 0x14, 0x26, + 0xe3, 0xd6, 0x85, 0x32, 0x1d, 0x7a, 0x74, 0xa4, 0xae, 0xe8, 0x66, 0x6c, 0xe2, 0xa0, 0x2f, 0x58, + 0x30, 0xda, 0x24, 0x49, 0xea, 0x05, 0x8c, 0xbf, 0x14, 0x7e, 0xf5, 0xc8, 0xc2, 0xcb, 0xc6, 0x59, + 0x4d, 0xbc, 0x71, 0x56, 0xbc, 0xc8, 0xa8, 0xd1, 0x98, 0xe0, 0x0c, 0x7f, 0x3a, 0xe3, 0x9a, 0x24, + 0x71, 0x63, 0x2f, 0xa2, 0xff, 0xd9, 0x98, 0x31, 0x66, 0xdc, 0xac, 0x06, 0x61, 0x13, 0x0f, 0x05, + 0x50, 0xa5, 0x33, 0x2a, 0x19, 0xaf, 0x30, 0xf9, 0xe7, 0x8f, 0x26, 0xbf, 0xe8, 0x54, 0x3a, 0x59, + 0x75, 0xef, 0xd3, 0x7f, 0x09, 0xe6, 0x6c, 0xd0, 0xe7, 0x2d, 0x18, 0x17, 0x33, 0x1e, 0x13, 0xde, + 0xa1, 0xb7, 0x36, 0xbc, 0x94, 0xf8, 0x5e, 0x92, 0x8e, 0x57, 0x99, 0x0c, 0x53, 0x83, 0x8d, 0xad, + 0xb9, 0x38, 0xec, 0x44, 0xd7, 0xbc, 0xa0, 0xd9, 0xb8, 0x20, 0x38, 0x8d, 0xcf, 0xf4, 0x21, 0x8c, + 0xfb, 0xb2, 0x44, 0x5f, 0xb1, 0xe0, 0x7c, 0xe0, 0xb4, 0x49, 0x12, 0x39, 0xf4, 0xd3, 0x72, 0x70, + 0xc3, 0x77, 0xdc, 0x4d, 0x26, 0xd1, 0xd0, 0xe1, 0x24, 0xb2, 0x85, 0x44, 0xe7, 0xaf, 0xf7, 0x25, + 0x8d, 0xef, 0xc1, 0x16, 0x7d, 0xc3, 0x82, 0xb1, 0x30, 0x8e, 0x36, 0x9c, 0x80, 0x34, 0x25, 0x34, + 0x19, 0x1f, 0x66, 0x53, 0xef, 0x23, 0x47, 0xfb, 0x44, 0x4b, 0x79, 0xb2, 0x8b, 0x61, 0xe0, 0xa5, + 0x61, 0xbc, 0x42, 0xd2, 0xd4, 0x0b, 0x5a, 0x49, 0xe3, 0xdc, 0xde, 0xee, 0xc4, 0x58, 0x17, 0x16, + 0xee, 0x96, 0x07, 0xfd, 0x04, 0x8c, 0x24, 0x3b, 0x81, 0x7b, 0xcb, 0x0b, 0x9a, 0xe1, 0x9d, 0x64, + 0xbc, 0x56, 0xc4, 0xf4, 0x5d, 0x51, 0x04, 0xc5, 0x04, 0xd4, 0x0c, 0xb0, 0xc9, 0xad, 0xf7, 0x87, + 0xd3, 0x43, 0xa9, 0x5e, 0xf4, 0x87, 0xd3, 0x83, 0xe9, 0x1e, 0x6c, 0xd1, 0xcf, 0x59, 0x70, 0x22, + 0xf1, 0x5a, 0x81, 0x93, 0x76, 0x62, 0x72, 0x8d, 0xec, 0x24, 0xe3, 0xc0, 0x04, 0xb9, 0x7a, 0xc4, + 0x5e, 0x31, 0x48, 0x36, 0xce, 0x09, 0x19, 0x4f, 0x98, 0xad, 0x09, 0xce, 0xf2, 0xed, 0x35, 0xd1, + 0xf4, 0xb0, 0x1e, 0x29, 0x76, 0xa2, 0xe9, 0x41, 0xdd, 0x97, 0x25, 0xfa, 0x31, 0x38, 0xcd, 0x9b, + 0x54, 0xcf, 0x26, 0xe3, 0xa3, 0x4c, 0xd1, 0x9e, 0xdd, 0xdb, 0x9d, 0x38, 0xbd, 0x92, 0x83, 0xe1, + 0x2e, 0x6c, 0xf4, 0x06, 0x4c, 0x44, 0x24, 0x6e, 0x7b, 0xe9, 0x52, 0xe0, 0xef, 0x48, 0xf5, 0xed, + 0x86, 0x11, 0x69, 0x0a, 0x71, 0x92, 0xf1, 0x13, 0x17, 0xac, 0x67, 0x6a, 0x8d, 0x77, 0x09, 0x31, + 0x27, 0x96, 0xef, 0x8d, 0x8e, 0xf7, 0xa3, 0x67, 0xff, 0xf3, 0x12, 0x9c, 0xce, 0x2f, 0x9c, 0xe8, + 0x6f, 0x5a, 0x70, 0xea, 0xf6, 0x9d, 0x74, 0x35, 0xdc, 0x24, 0x41, 0xd2, 0xd8, 0xa1, 0xea, 0x8d, + 0x2d, 0x19, 0x23, 0x17, 0xdd, 0x62, 0x97, 0xe8, 0xc9, 0xab, 0x59, 0x2e, 0x97, 0x82, 0x34, 0xde, + 0x69, 0x3c, 0x2a, 0xde, 0xee, 0xd4, 0xd5, 0x5b, 0xab, 0x26, 0x14, 0xe7, 0x85, 0x3a, 0xff, 0x59, + 0x0b, 0xce, 0xf6, 0x22, 0x81, 0x4e, 0x43, 0x79, 0x93, 0xec, 0x70, 0xab, 0x0c, 0xd3, 0x9f, 0xe8, + 0x35, 0xa8, 0x6e, 0x39, 0x7e, 0x87, 0x08, 0xeb, 0x66, 0xee, 0x68, 0x2f, 0xa2, 0x24, 0xc3, 0x9c, + 0xea, 0x0f, 0x97, 0x5e, 0xb2, 0xec, 0x7f, 0x55, 0x86, 0x11, 0x63, 0x7d, 0xbb, 0x0f, 0x16, 0x5b, + 0x98, 0xb1, 0xd8, 0x16, 0x0b, 0x5b, 0x9a, 0xfb, 0x9a, 0x6c, 0x77, 0x72, 0x26, 0xdb, 0x52, 0x71, + 0x2c, 0xef, 0x69, 0xb3, 0xa1, 0x14, 0xea, 0x61, 0x44, 0x2d, 0x72, 0xba, 0xf4, 0x57, 0x8a, 0xf8, + 0x84, 0x4b, 0x92, 0x5c, 0xe3, 0xc4, 0xde, 0xee, 0x44, 0x5d, 0xfd, 0xc5, 0x9a, 0x91, 0xfd, 0x6d, + 0x0b, 0xce, 0x1a, 0x32, 0xce, 0x84, 0x41, 0xd3, 0x63, 0x9f, 0xf6, 0x02, 0x54, 0xd2, 0x9d, 0x48, + 0x9a, 0xfd, 0xaa, 0xa7, 0x56, 0x77, 0x22, 0x82, 0x19, 0x84, 0x1a, 0xfa, 0x6d, 0x92, 0x24, 0x4e, + 0x8b, 0xe4, 0x0d, 0xfd, 0x45, 0xde, 0x8c, 0x25, 0x1c, 0xc5, 0x80, 0x7c, 0x27, 0x49, 0x57, 0x63, + 0x27, 0x48, 0x18, 0xf9, 0x55, 0xaf, 0x4d, 0x44, 0x07, 0xff, 0x99, 0xc1, 0x46, 0x0c, 0x7d, 0xa2, + 0xf1, 0xc8, 0xde, 0xee, 0x04, 0x5a, 0xe8, 0xa2, 0x84, 0x7b, 0x50, 0xb7, 0xbf, 0x62, 0xc1, 0x23, + 0xbd, 0x6d, 0x31, 0xf4, 0x34, 0x0c, 0xf1, 0x2d, 0x9f, 0x78, 0x3b, 0xfd, 0x49, 0x58, 0x2b, 0x16, + 0x50, 0x34, 0x05, 0x75, 0xb5, 0x4e, 0x88, 0x77, 0x1c, 0x13, 0xa8, 0x75, 0xbd, 0xb8, 0x68, 0x1c, + 0xda, 0x69, 0xf4, 0x8f, 0xb0, 0xdc, 0x54, 0xa7, 0xb1, 0x4d, 0x12, 0x83, 0xd8, 0xff, 0xde, 0x82, + 0x53, 0x86, 0x54, 0xf7, 0xc1, 0x34, 0x0f, 0xb2, 0xa6, 0xf9, 0x7c, 0x61, 0xe3, 0xb9, 0x8f, 0x6d, + 0xfe, 0x79, 0x0b, 0xce, 0x1b, 0x58, 0x8b, 0x4e, 0xea, 0x6e, 0x5c, 0xda, 0x8e, 0x62, 0x92, 0xd0, + 0xed, 0x34, 0x7a, 0xc2, 0xd0, 0x5b, 0x8d, 0x11, 0x41, 0xa1, 0x7c, 0x8d, 0xec, 0x70, 0x25, 0xf6, + 0x2c, 0xd4, 0xf8, 0xe0, 0x0c, 0x63, 0xd1, 0xe3, 0xea, 0xdd, 0x96, 0x44, 0x3b, 0x56, 0x18, 0xc8, + 0x86, 0x21, 0xa6, 0x9c, 0xe8, 0x64, 0xa5, 0xcb, 0x10, 0xd0, 0x8f, 0x78, 0x93, 0xb5, 0x60, 0x01, + 0xb1, 0x97, 0x32, 0xe2, 0x2c, 0xc7, 0x84, 0x7d, 0xdc, 0xe6, 0x65, 0x8f, 0xf8, 0xcd, 0x84, 0x6e, + 0x1b, 0x9c, 0x20, 0x08, 0x53, 0xb1, 0x03, 0x30, 0xb6, 0x0d, 0xd3, 0xba, 0x19, 0x9b, 0x38, 0xf6, + 0x5e, 0x89, 0x6d, 0x3e, 0xd4, 0xb4, 0x26, 0xf7, 0x63, 0xe7, 0x1a, 0x67, 0xf4, 0xe0, 0x72, 0x71, + 0x4a, 0x89, 0xf4, 0xdf, 0xbd, 0xbe, 0x99, 0x53, 0x85, 0xb8, 0x50, 0xae, 0xf7, 0xde, 0xc1, 0xfe, + 0x56, 0x09, 0x26, 0xb2, 0x0f, 0x74, 0x69, 0x52, 0xba, 0x5d, 0x32, 0x18, 0xe5, 0x1d, 0x14, 0x06, + 0x3e, 0x36, 0xf1, 0xfa, 0x28, 0xa3, 0xd2, 0x71, 0x2a, 0x23, 0x53, 0x57, 0x96, 0xf7, 0xd1, 0x95, + 0x4f, 0xab, 0x5e, 0xaf, 0xe4, 0x94, 0x53, 0x76, 0xbd, 0xb8, 0x00, 0x95, 0x24, 0x25, 0xd1, 0x78, + 0x35, 0xab, 0x6b, 0x56, 0x52, 0x12, 0x61, 0x06, 0xb1, 0xff, 0x4b, 0x09, 0x1e, 0xcd, 0xf6, 0xa1, + 0x56, 0xef, 0x1f, 0xc8, 0xa8, 0xf7, 0xf7, 0x98, 0xea, 0xfd, 0xee, 0xee, 0xc4, 0x3b, 0xfb, 0x3c, + 0xf6, 0x3d, 0xa3, 0xfd, 0xd1, 0x5c, 0xae, 0x17, 0xa7, 0xb2, 0xbd, 0x78, 0x77, 0x77, 0xe2, 0x89, + 0x3e, 0xef, 0x98, 0xeb, 0xe6, 0xa7, 0x61, 0x28, 0x26, 0x4e, 0x12, 0x06, 0xa2, 0xa3, 0xd5, 0xe7, + 0xc0, 0xac, 0x15, 0x0b, 0xa8, 0xfd, 0xaf, 0xeb, 0xf9, 0xce, 0x9e, 0xe3, 0x0e, 0xb6, 0x30, 0x46, + 0x1e, 0x54, 0x98, 0xc9, 0xce, 0x55, 0xc3, 0xb5, 0xa3, 0x4d, 0x23, 0xaa, 0xe2, 0x15, 0xe9, 0x46, + 0x8d, 0x7e, 0x35, 0xda, 0x84, 0x19, 0x0b, 0xb4, 0x0d, 0x35, 0x57, 0x5a, 0xd2, 0xa5, 0x22, 0x7c, + 0x4e, 0xc2, 0x8e, 0xd6, 0x1c, 0x47, 0xa9, 0x2e, 0x56, 0xe6, 0xb7, 0xe2, 0x86, 0x08, 0x94, 0x5b, + 0x5e, 0x2a, 0x3e, 0xeb, 0x11, 0xf7, 0x4a, 0x73, 0x9e, 0xf1, 0x8a, 0xc3, 0x74, 0x81, 0x98, 0xf3, + 0x52, 0x4c, 0xe9, 0xa3, 0x9f, 0xb1, 0x60, 0x24, 0x71, 0xdb, 0xcb, 0x71, 0xb8, 0xe5, 0x35, 0x49, + 0x2c, 0x2c, 0xa5, 0x23, 0xaa, 0xa6, 0x95, 0x99, 0x45, 0x49, 0x50, 0xf3, 0xe5, 0x7b, 0x57, 0x0d, + 0xc1, 0x26, 0x5f, 0xba, 0x83, 0x78, 0x54, 0xbc, 0xfb, 0x2c, 0x71, 0x3d, 0xba, 0xb6, 0xc9, 0x0d, + 0x13, 0x1b, 0x29, 0x47, 0xb6, 0x1c, 0x67, 0x3b, 0xee, 0x26, 0x9d, 0x6f, 0x5a, 0xa0, 0x77, 0xee, + 0xed, 0x4e, 0x3c, 0x3a, 0xd3, 0x9b, 0x27, 0xee, 0x27, 0x0c, 0xeb, 0xb0, 0xa8, 0xe3, 0xfb, 0x98, + 0xbc, 0xd1, 0x21, 0xcc, 0x1d, 0x52, 0x40, 0x87, 0x2d, 0x6b, 0x82, 0xb9, 0x0e, 0x33, 0x20, 0xd8, + 0xe4, 0x8b, 0xde, 0x80, 0xa1, 0xb6, 0x93, 0xc6, 0xde, 0xb6, 0xf0, 0x81, 0x1c, 0xd1, 0x96, 0x5f, + 0x64, 0xb4, 0x34, 0x73, 0xb6, 0xf4, 0xf3, 0x46, 0x2c, 0x18, 0xa1, 0x36, 0x54, 0xdb, 0x24, 0x6e, + 0x91, 0xf1, 0x5a, 0x11, 0xfe, 0xde, 0x45, 0x4a, 0x4a, 0x33, 0xac, 0x53, 0xcb, 0x87, 0xb5, 0x61, + 0xce, 0x05, 0xbd, 0x06, 0xb5, 0x84, 0xf8, 0xc4, 0xa5, 0xb6, 0x4b, 0x9d, 0x71, 0x7c, 0xef, 0x80, + 0x76, 0x9c, 0xb3, 0x46, 0xfc, 0x15, 0xf1, 0x28, 0x9f, 0x60, 0xf2, 0x1f, 0x56, 0x24, 0x69, 0x07, + 0x46, 0x7e, 0xa7, 0xe5, 0x05, 0xe3, 0x50, 0x44, 0x07, 0x2e, 0x33, 0x5a, 0xb9, 0x0e, 0xe4, 0x8d, + 0x58, 0x30, 0xb2, 0xff, 0xa3, 0x05, 0x28, 0xab, 0xd4, 0xee, 0x83, 0xc1, 0xfa, 0x46, 0xd6, 0x60, + 0x5d, 0x28, 0xd2, 0xea, 0xe8, 0x63, 0xb3, 0xfe, 0x46, 0x1d, 0x72, 0xcb, 0xc1, 0x75, 0x92, 0xa4, + 0xa4, 0xf9, 0xb6, 0x0a, 0x7f, 0x5b, 0x85, 0xbf, 0xad, 0xc2, 0x95, 0x0a, 0x5f, 0xcb, 0xa9, 0xf0, + 0xf7, 0x1b, 0xb3, 0x5e, 0x1f, 0x98, 0xbe, 0xae, 0x4e, 0x54, 0x4d, 0x09, 0x0c, 0x04, 0xaa, 0x09, + 0xae, 0xae, 0x2c, 0x5d, 0xef, 0xa9, 0xb3, 0x5f, 0xcf, 0xea, 0xec, 0xa3, 0xb2, 0xf8, 0xd3, 0xa0, + 0xa5, 0xff, 0x6a, 0x09, 0x1e, 0xcb, 0x6a, 0x2f, 0x1c, 0xfa, 0x7e, 0xd8, 0x49, 0xe9, 0x5e, 0x00, + 0xfd, 0xa2, 0x05, 0xa7, 0xdb, 0xd9, 0x4d, 0x78, 0x22, 0x7c, 0x9d, 0x1f, 0x2c, 0x4c, 0xb5, 0xe6, + 0x76, 0xf9, 0x8d, 0x71, 0xa1, 0x66, 0x4f, 0xe7, 0x00, 0x09, 0xee, 0x92, 0x05, 0xbd, 0x06, 0xf5, + 0xb6, 0xb3, 0x7d, 0x23, 0x6a, 0x3a, 0xa9, 0xdc, 0x86, 0xf5, 0xdf, 0x3d, 0x77, 0x52, 0xcf, 0x9f, + 0xe4, 0x27, 0xd8, 0x93, 0xf3, 0x41, 0xba, 0x14, 0xaf, 0xa4, 0xb1, 0x17, 0xb4, 0xb8, 0x87, 0x6b, + 0x51, 0x92, 0xc1, 0x9a, 0xa2, 0xfd, 0x35, 0x2b, 0xaf, 0xdb, 0x55, 0xef, 0xc4, 0x4e, 0x4a, 0x5a, + 0x3b, 0xe8, 0x63, 0x50, 0xa5, 0xfb, 0x25, 0xd9, 0x2b, 0xb7, 0x8a, 0x5c, 0x70, 0x8c, 0x2f, 0xa1, + 0xd7, 0x1e, 0xfa, 0x2f, 0xc1, 0x9c, 0xa9, 0xfd, 0x95, 0xe1, 0xfc, 0x1a, 0xcb, 0xce, 0x33, 0x2f, + 0x02, 0xb4, 0xc2, 0x55, 0xd2, 0x8e, 0x7c, 0xda, 0x2d, 0x16, 0x73, 0x8a, 0x2b, 0x17, 0xc1, 0x9c, + 0x82, 0x60, 0x03, 0x0b, 0xfd, 0x79, 0x0b, 0xa0, 0x25, 0x87, 0x8a, 0x5c, 0x3f, 0x6f, 0x14, 0xf9, + 0x3a, 0x7a, 0x20, 0x6a, 0x59, 0x14, 0x43, 0x6c, 0x30, 0x47, 0x3f, 0x65, 0x41, 0x2d, 0x95, 0xe2, + 0xf3, 0x15, 0x65, 0xb5, 0x48, 0x49, 0xe4, 0x4b, 0x6b, 0x53, 0x42, 0x75, 0x89, 0xe2, 0x8b, 0x7e, + 0xd6, 0x02, 0x48, 0x76, 0x02, 0x77, 0x39, 0xf4, 0x3d, 0x77, 0x47, 0x2c, 0x34, 0x37, 0x0b, 0x75, + 0x63, 0x28, 0xea, 0x8d, 0x93, 0xb4, 0x37, 0xf4, 0x7f, 0x6c, 0x70, 0x46, 0x9f, 0x80, 0x5a, 0x22, + 0x86, 0x9b, 0x58, 0x5a, 0x56, 0x8b, 0x75, 0xa6, 0x70, 0xda, 0x42, 0x2b, 0x89, 0x7f, 0x58, 0xf1, + 0x44, 0x3f, 0x6f, 0xc1, 0xa9, 0x28, 0xeb, 0xfa, 0x12, 0xab, 0x48, 0x71, 0x3a, 0x20, 0xe7, 0x5a, + 0x6b, 0x9c, 0xd9, 0xdb, 0x9d, 0x38, 0x95, 0x6b, 0xc4, 0x79, 0x29, 0xd0, 0x0c, 0x8c, 0xe9, 0x11, + 0xbc, 0x14, 0x71, 0x37, 0xdc, 0x30, 0x73, 0xc3, 0xb1, 0x53, 0xcc, 0xb9, 0x3c, 0x10, 0x77, 0xe3, + 0xa3, 0x65, 0x38, 0x4b, 0xa5, 0xdb, 0xe1, 0x56, 0x9b, 0xd4, 0xca, 0x09, 0x5b, 0x43, 0x6a, 0x8d, + 0xc7, 0xc5, 0x08, 0x61, 0x8e, 0xee, 0x3c, 0x0e, 0xee, 0xf9, 0xa4, 0xfd, 0xad, 0x52, 0xc6, 0x2f, + 0xae, 0x1c, 0x56, 0x6c, 0x8e, 0xb9, 0xd2, 0x57, 0x20, 0x55, 0x46, 0xa1, 0x73, 0x4c, 0x79, 0x22, + 0xf4, 0x1c, 0x53, 0x4d, 0x09, 0x36, 0x98, 0x53, 0x03, 0x66, 0xcc, 0xc9, 0xbb, 0xc5, 0xc4, 0xb4, + 0x7f, 0xad, 0x48, 0x91, 0xba, 0x4f, 0x31, 0x1e, 0x13, 0xa2, 0x8d, 0x75, 0x81, 0x70, 0xb7, 0x48, + 0xf6, 0xb7, 0xb2, 0xbe, 0x78, 0x63, 0xc4, 0x0e, 0x70, 0xce, 0xf0, 0x05, 0x0b, 0x46, 0xe2, 0xd0, + 0xf7, 0xbd, 0xa0, 0x45, 0x67, 0x97, 0x58, 0x22, 0x3e, 0x7c, 0x2c, 0x5a, 0x5a, 0x4c, 0x23, 0x66, + 0x06, 0x61, 0xcd, 0x13, 0x9b, 0x02, 0xd8, 0x7f, 0x64, 0xc1, 0x78, 0x3f, 0x2d, 0x80, 0x08, 0xbc, + 0x53, 0x0e, 0x71, 0x75, 0xca, 0xbe, 0x14, 0xcc, 0x12, 0x9f, 0x28, 0x27, 0x65, 0xad, 0xf1, 0x94, + 0x78, 0xcd, 0x77, 0x2e, 0xf7, 0x47, 0xc5, 0xf7, 0xa2, 0x83, 0x5e, 0x85, 0xd3, 0xc6, 0x7b, 0x25, + 0xaa, 0x63, 0xea, 0x8d, 0x49, 0xba, 0xec, 0x4e, 0xe7, 0x60, 0x77, 0x77, 0x27, 0x1e, 0xc9, 0xb7, + 0x09, 0x35, 0xd5, 0x45, 0xc7, 0xfe, 0x95, 0x52, 0xfe, 0x6b, 0xa9, 0x15, 0xe6, 0xab, 0x56, 0xd7, + 0xd6, 0xef, 0x83, 0xc7, 0xa1, 0xd5, 0xd9, 0x26, 0x51, 0x1d, 0xe4, 0xf7, 0xc7, 0x79, 0x80, 0x27, + 0x85, 0xf6, 0xbf, 0xa8, 0xc0, 0x3d, 0x24, 0x53, 0x67, 0x41, 0x56, 0xbf, 0xb3, 0xa0, 0x83, 0x1f, + 0x2f, 0x7d, 0xce, 0x82, 0x21, 0x9f, 0x5a, 0xa1, 0xfc, 0xbc, 0x63, 0xe4, 0x62, 0xf3, 0xb8, 0xfa, + 0x9e, 0x1b, 0xbb, 0x09, 0x3f, 0xad, 0x56, 0x2e, 0x4f, 0xde, 0x88, 0x85, 0x0c, 0xe8, 0xeb, 0x56, + 0xf6, 0xf0, 0x84, 0x87, 0x1f, 0x79, 0xc7, 0x26, 0x93, 0x71, 0x22, 0xc3, 0x05, 0xd3, 0xbe, 0xfe, + 0x3e, 0x67, 0x35, 0x68, 0x12, 0x60, 0xdd, 0x0b, 0x1c, 0xdf, 0x7b, 0x93, 0xee, 0xa6, 0xab, 0x6c, + 0x59, 0x61, 0xeb, 0xf4, 0x65, 0xd5, 0x8a, 0x0d, 0x8c, 0xf3, 0x7f, 0x0e, 0x46, 0x8c, 0x37, 0xef, + 0x71, 0xc8, 0x7e, 0xd6, 0x3c, 0x64, 0xaf, 0x1b, 0x67, 0xe3, 0xe7, 0xdf, 0x0f, 0xa7, 0xf3, 0x02, + 0x1e, 0xe4, 0x79, 0xfb, 0x7f, 0x0e, 0xe7, 0x4f, 0x3c, 0x56, 0x49, 0xdc, 0xa6, 0xa2, 0xbd, 0xed, + 0x85, 0x78, 0xdb, 0x0b, 0xf1, 0xb6, 0x17, 0xc2, 0x74, 0x24, 0x8b, 0x1d, 0xf6, 0xf0, 0x7d, 0xda, + 0x61, 0x67, 0x7c, 0x06, 0xb5, 0xc2, 0x7d, 0x06, 0xf6, 0x5e, 0x15, 0x32, 0x76, 0x14, 0xef, 0xef, + 0x77, 0xc3, 0x70, 0x4c, 0xa2, 0xf0, 0x06, 0x5e, 0x10, 0x6b, 0x88, 0x0e, 0xa4, 0xe6, 0xcd, 0x58, + 0xc2, 0xe9, 0x5a, 0x13, 0x39, 0xe9, 0x86, 0x58, 0x44, 0xd4, 0x5a, 0xb3, 0xec, 0xa4, 0x1b, 0x98, + 0x41, 0xd0, 0xfb, 0xe1, 0x64, 0xea, 0xc4, 0x2d, 0x92, 0x62, 0xb2, 0xc5, 0x3e, 0xab, 0x38, 0x17, + 0x7b, 0x44, 0xe0, 0x9e, 0x5c, 0xcd, 0x40, 0x71, 0x0e, 0x1b, 0xbd, 0x01, 0x95, 0x0d, 0xe2, 0xb7, + 0x45, 0x97, 0xaf, 0x14, 0xa7, 0xe3, 0xd9, 0xbb, 0x5e, 0x21, 0x7e, 0x9b, 0x6b, 0x20, 0xfa, 0x0b, + 0x33, 0x56, 0x74, 0xbc, 0xd5, 0x37, 0x3b, 0x49, 0x1a, 0xb6, 0xbd, 0x37, 0xa5, 0x3b, 0xe8, 0x83, + 0x05, 0x33, 0xbe, 0x26, 0xe9, 0x73, 0x07, 0x82, 0xfa, 0x8b, 0x35, 0x67, 0x26, 0x47, 0xd3, 0x8b, + 0xd9, 0xa7, 0xda, 0x11, 0x5e, 0x9d, 0xa2, 0xe5, 0x98, 0x95, 0xf4, 0xb9, 0x1c, 0xea, 0x2f, 0xd6, + 0x9c, 0xd1, 0x8e, 0x1a, 0xf7, 0x23, 0x4c, 0x86, 0x1b, 0x05, 0xcb, 0xc0, 0xc7, 0x7c, 0xcf, 0xf1, + 0xff, 0x14, 0x54, 0xdd, 0x0d, 0x27, 0x4e, 0xc7, 0x47, 0xd9, 0xa0, 0x51, 0x8e, 0x8c, 0x19, 0xda, + 0x88, 0x39, 0x0c, 0x3d, 0x01, 0xe5, 0x98, 0xac, 0xb3, 0xf8, 0x3d, 0x23, 0xb2, 0x03, 0x93, 0x75, + 0x4c, 0xdb, 0xed, 0x5f, 0x2a, 0x65, 0xcd, 0xa5, 0xec, 0x7b, 0xf3, 0xd1, 0xee, 0x76, 0xe2, 0x44, + 0x3a, 0x3b, 0x8c, 0xd1, 0xce, 0x9a, 0xb1, 0x84, 0xa3, 0x4f, 0x59, 0x30, 0x7c, 0x3b, 0x09, 0x83, + 0x80, 0xa4, 0x62, 0x69, 0xba, 0x59, 0x70, 0x57, 0x5c, 0xe5, 0xd4, 0xb5, 0x0c, 0xa2, 0x01, 0x4b, + 0xbe, 0x54, 0x5c, 0xb2, 0xed, 0xfa, 0x9d, 0x66, 0xd7, 0x81, 0xfe, 0x25, 0xde, 0x8c, 0x25, 0x9c, + 0xa2, 0x7a, 0x01, 0x47, 0xad, 0x64, 0x51, 0xe7, 0x03, 0x81, 0x2a, 0xe0, 0xf6, 0x5f, 0x1e, 0x82, + 0x73, 0x3d, 0x27, 0x07, 0x35, 0x64, 0x98, 0xa9, 0x70, 0xd9, 0xf3, 0x89, 0x0c, 0x53, 0x61, 0x86, + 0xcc, 0x4d, 0xd5, 0x8a, 0x0d, 0x0c, 0xf4, 0x93, 0x00, 0x91, 0x13, 0x3b, 0x6d, 0x22, 0x16, 0xf0, + 0xf2, 0xd1, 0xed, 0x05, 0x2a, 0xc7, 0xb2, 0xa4, 0xa9, 0xf7, 0xa6, 0xaa, 0x29, 0xc1, 0x06, 0x4b, + 0xf4, 0x22, 0x8c, 0xc4, 0xc4, 0x27, 0x4e, 0xc2, 0xc2, 0x3f, 0xf3, 0xb1, 0xec, 0x58, 0x83, 0xb0, + 0x89, 0x87, 0x9e, 0x56, 0x11, 0x3d, 0xb9, 0xe8, 0x87, 0x6c, 0x54, 0x0f, 0xfa, 0xa2, 0x05, 0x27, + 0xd7, 0x3d, 0x9f, 0x68, 0xee, 0x22, 0xf2, 0x7c, 0xe9, 0xe8, 0x2f, 0x79, 0xd9, 0xa4, 0xab, 0x35, + 0x64, 0xa6, 0x39, 0xc1, 0x39, 0xf6, 0xf4, 0x33, 0x6f, 0x91, 0x98, 0xa9, 0xd6, 0xa1, 0xec, 0x67, + 0xbe, 0xc9, 0x9b, 0xb1, 0x84, 0xa3, 0x69, 0x38, 0x15, 0x39, 0x49, 0x32, 0x13, 0x93, 0x26, 0x09, + 0x52, 0xcf, 0xf1, 0x79, 0x5c, 0x78, 0x4d, 0xc7, 0x85, 0x2e, 0x67, 0xc1, 0x38, 0x8f, 0x8f, 0x3e, + 0x04, 0x8f, 0x7a, 0xad, 0x20, 0x8c, 0xc9, 0xa2, 0x97, 0x24, 0x5e, 0xd0, 0xd2, 0xc3, 0x40, 0x38, + 0x3d, 0x26, 0x04, 0xa9, 0x47, 0xe7, 0x7b, 0xa3, 0xe1, 0x7e, 0xcf, 0xa3, 0x67, 0xa1, 0x96, 0x6c, + 0x7a, 0xd1, 0x4c, 0xdc, 0x4c, 0x98, 0x83, 0xbc, 0xa6, 0x5d, 0x6c, 0x2b, 0xa2, 0x1d, 0x2b, 0x0c, + 0xe4, 0xc2, 0x28, 0xff, 0x24, 0x3c, 0x6c, 0x49, 0xe8, 0xc7, 0xe7, 0xfa, 0x2e, 0x8f, 0x22, 0x75, + 0x69, 0x12, 0x3b, 0x77, 0x2e, 0x49, 0x77, 0x7d, 0xe3, 0xf4, 0xde, 0xee, 0xc4, 0xe8, 0x4d, 0x83, + 0x0c, 0xce, 0x10, 0xb5, 0x7f, 0xa1, 0x94, 0xdd, 0x71, 0x9b, 0x93, 0x14, 0x25, 0x74, 0x2a, 0xa6, + 0x37, 0x9d, 0x58, 0x7a, 0x63, 0x8e, 0x18, 0xbe, 0x2e, 0xe8, 0xde, 0x74, 0x62, 0x73, 0x52, 0x33, + 0x06, 0x58, 0x72, 0x42, 0xb7, 0xa1, 0x92, 0xfa, 0x4e, 0x41, 0xf9, 0x2e, 0x06, 0x47, 0xed, 0x00, + 0x59, 0x98, 0x4e, 0x30, 0xe3, 0x81, 0x1e, 0xa7, 0x56, 0xff, 0x9a, 0x8c, 0x71, 0x13, 0x86, 0xfa, + 0x5a, 0x82, 0x59, 0xab, 0xfd, 0xff, 0x6a, 0x3d, 0xf4, 0xaa, 0x5a, 0xc8, 0xd0, 0x45, 0x00, 0xba, + 0x81, 0x5c, 0x8e, 0xc9, 0xba, 0xb7, 0x2d, 0x0c, 0x09, 0x35, 0x77, 0xaf, 0x2b, 0x08, 0x36, 0xb0, + 0xe4, 0x33, 0x2b, 0x9d, 0x75, 0xfa, 0x4c, 0xa9, 0xfb, 0x19, 0x0e, 0xc1, 0x06, 0x16, 0x7a, 0x01, + 0x86, 0xbc, 0xb6, 0xd3, 0x52, 0xa1, 0x78, 0x8f, 0xd3, 0x49, 0x3b, 0xcf, 0x5a, 0xee, 0xee, 0x4e, + 0x9c, 0x54, 0x02, 0xb1, 0x26, 0x2c, 0x70, 0xd1, 0xaf, 0x58, 0x30, 0xea, 0x86, 0xed, 0x76, 0x18, + 0xf0, 0x6d, 0x97, 0xd8, 0x43, 0xde, 0x3e, 0xae, 0x65, 0x7e, 0x72, 0xc6, 0x60, 0xc6, 0x37, 0x91, + 0x2a, 0x31, 0xc7, 0x04, 0xe1, 0x8c, 0x54, 0xe6, 0xdc, 0xae, 0xee, 0x33, 0xb7, 0x7f, 0xdd, 0x82, + 0x31, 0xfe, 0xac, 0xb1, 0x1b, 0x14, 0x39, 0x28, 0xe1, 0x31, 0xbf, 0x56, 0xd7, 0x06, 0x59, 0x79, + 0xe9, 0xba, 0xe0, 0xb8, 0x5b, 0x48, 0x34, 0x07, 0x63, 0xeb, 0x61, 0xec, 0x12, 0xb3, 0x23, 0x84, + 0x62, 0x52, 0x84, 0x2e, 0xe7, 0x11, 0x70, 0xf7, 0x33, 0xe8, 0x26, 0x3c, 0x62, 0x34, 0x9a, 0xfd, + 0xc0, 0x75, 0xd3, 0x93, 0x82, 0xda, 0x23, 0x97, 0x7b, 0x62, 0xe1, 0x3e, 0x4f, 0x67, 0x1d, 0x26, + 0xf5, 0x01, 0x1c, 0x26, 0xaf, 0xc3, 0x63, 0x6e, 0x77, 0xcf, 0x6c, 0x25, 0x9d, 0xb5, 0x84, 0x6b, + 0xaa, 0x5a, 0xe3, 0x07, 0x04, 0x81, 0xc7, 0x66, 0xfa, 0x21, 0xe2, 0xfe, 0x34, 0xd0, 0xc7, 0xa0, + 0x16, 0x13, 0xf6, 0x55, 0x12, 0x91, 0x90, 0x71, 0xc4, 0x5d, 0xb2, 0xb6, 0x40, 0x39, 0x59, 0xad, + 0x7b, 0x45, 0x43, 0x82, 0x15, 0xc7, 0xf3, 0x1f, 0x80, 0xb1, 0xae, 0xf1, 0x7c, 0x20, 0x9f, 0xc5, + 0x2c, 0x3c, 0xd2, 0x7b, 0xe4, 0x1c, 0xc8, 0x73, 0xf1, 0x0f, 0x72, 0x71, 0x86, 0x86, 0x35, 0x39, + 0x80, 0x17, 0xcc, 0x81, 0x32, 0x09, 0xb6, 0x84, 0x22, 0xbd, 0x7c, 0xb4, 0xde, 0xbb, 0x14, 0x6c, + 0xf1, 0x81, 0xcf, 0xb6, 0xfa, 0x97, 0x82, 0x2d, 0x4c, 0x69, 0xa3, 0x2f, 0x5b, 0x19, 0x6b, 0x88, + 0xfb, 0xce, 0x3e, 0x72, 0x2c, 0xe6, 0xf3, 0xc0, 0x06, 0x92, 0xfd, 0x2f, 0x4b, 0x70, 0x61, 0x3f, + 0x22, 0x03, 0x74, 0xdf, 0x53, 0x30, 0x94, 0xb0, 0x23, 0x50, 0xa1, 0x99, 0x46, 0xa8, 0x56, 0xe2, + 0x87, 0xa2, 0xaf, 0x63, 0x01, 0x42, 0x3e, 0x94, 0xdb, 0x4e, 0x24, 0x5c, 0x2a, 0xf3, 0x47, 0xcd, + 0x2a, 0xa0, 0xff, 0x1d, 0x7f, 0xd1, 0x89, 0xf8, 0x46, 0xdd, 0x68, 0xc0, 0x94, 0x0d, 0x4a, 0xa1, + 0xea, 0xc4, 0xb1, 0x23, 0xcf, 0xdb, 0xae, 0x15, 0xc3, 0x6f, 0x9a, 0x92, 0x6c, 0x8c, 0xed, 0xed, + 0x4e, 0x9c, 0xc8, 0x34, 0x61, 0xce, 0xcc, 0xfe, 0xdc, 0x70, 0x26, 0xb2, 0x9e, 0x1d, 0xa2, 0x26, + 0x30, 0x24, 0x3c, 0x29, 0x56, 0xd1, 0xc9, 0x1c, 0x3c, 0x35, 0x8a, 0x6d, 0x96, 0x44, 0x82, 0xa9, + 0x60, 0x85, 0x3e, 0x6b, 0xb1, 0x34, 0x4e, 0x99, 0x6d, 0x20, 0xb6, 0x28, 0xc7, 0x93, 0x55, 0x6a, + 0x26, 0x87, 0xca, 0x46, 0x6c, 0x72, 0xa7, 0x4b, 0x57, 0xc4, 0x13, 0x92, 0xf2, 0x1b, 0x15, 0x99, + 0xe8, 0x29, 0xe1, 0x68, 0xbb, 0xc7, 0x61, 0x69, 0x01, 0xa9, 0x80, 0x03, 0x1c, 0x8f, 0x7e, 0xdd, + 0x82, 0x31, 0x6e, 0x8e, 0xce, 0x7a, 0xeb, 0xeb, 0x24, 0x26, 0x81, 0x4b, 0xa4, 0x41, 0x7f, 0xc4, + 0xe3, 0x78, 0xe9, 0xbe, 0x9a, 0xcf, 0x93, 0xd7, 0x6b, 0x5a, 0x17, 0x08, 0x77, 0x0b, 0x83, 0x9a, + 0x50, 0xf1, 0x82, 0xf5, 0x50, 0xac, 0xe4, 0x8d, 0xa3, 0x09, 0x35, 0x1f, 0xac, 0x87, 0x7a, 0x36, + 0xd3, 0x7f, 0x98, 0x51, 0x47, 0x0b, 0x70, 0x36, 0x16, 0x2e, 0x97, 0x2b, 0x5e, 0x42, 0x37, 0xc6, + 0x0b, 0x5e, 0xdb, 0x4b, 0xd9, 0x2a, 0x5c, 0x6e, 0x8c, 0xef, 0xed, 0x4e, 0x9c, 0xc5, 0x3d, 0xe0, + 0xb8, 0xe7, 0x53, 0xe8, 0x4d, 0x18, 0x96, 0x79, 0xa7, 0xb5, 0x22, 0x36, 0x47, 0xdd, 0xe3, 0x5f, + 0x0d, 0xa6, 0x15, 0x91, 0x62, 0x2a, 0x19, 0xda, 0x5f, 0x1c, 0x81, 0xee, 0xb3, 0x41, 0xf4, 0x71, + 0xa8, 0xc7, 0x2a, 0x17, 0xd6, 0x2a, 0x22, 0xbe, 0x4f, 0x7e, 0x5f, 0x71, 0x2e, 0xa9, 0xec, 0x01, + 0x9d, 0xf5, 0xaa, 0x39, 0x52, 0xab, 0x3d, 0xd1, 0x47, 0x88, 0x05, 0x8c, 0x6d, 0xc1, 0x55, 0x1f, + 0x0f, 0xed, 0x04, 0x2e, 0x66, 0x3c, 0x50, 0x0c, 0x43, 0x1b, 0xc4, 0xf1, 0xd3, 0x8d, 0x62, 0x3c, + 0xd9, 0x57, 0x18, 0xad, 0x7c, 0xd6, 0x04, 0x6f, 0xc5, 0x82, 0x13, 0xda, 0x86, 0xe1, 0x0d, 0x3e, + 0x00, 0x84, 0x21, 0xbd, 0x78, 0xd4, 0xce, 0xcd, 0x8c, 0x2a, 0xfd, 0xb9, 0x45, 0x03, 0x96, 0xec, + 0x58, 0xa4, 0x85, 0x71, 0x2c, 0xce, 0xa7, 0x6e, 0x71, 0x09, 0x23, 0x83, 0x9f, 0x89, 0x7f, 0x14, + 0x46, 0x63, 0xe2, 0x86, 0x81, 0xeb, 0xf9, 0xa4, 0x39, 0x2d, 0xbd, 0xd4, 0x07, 0x49, 0x33, 0x60, + 0x9b, 0x51, 0x6c, 0xd0, 0xc0, 0x19, 0x8a, 0xe8, 0x33, 0x16, 0x9c, 0x54, 0x09, 0x74, 0xf4, 0x83, + 0x10, 0xe1, 0x15, 0x5d, 0x28, 0x28, 0x5d, 0x8f, 0xd1, 0x6c, 0xa0, 0xbd, 0xdd, 0x89, 0x93, 0xd9, + 0x36, 0x9c, 0xe3, 0x8b, 0x5e, 0x05, 0x08, 0xd7, 0x78, 0x38, 0xc5, 0x74, 0x2a, 0x5c, 0xa4, 0x07, + 0x79, 0xd5, 0x93, 0x3c, 0xdf, 0x48, 0x52, 0xc0, 0x06, 0x35, 0x74, 0x0d, 0x80, 0x4f, 0x9b, 0xd5, + 0x9d, 0x48, 0x5a, 0xdb, 0x32, 0x4f, 0x04, 0x56, 0x14, 0xe4, 0xee, 0xee, 0x44, 0xb7, 0xcb, 0x8a, + 0x9d, 0xde, 0x1b, 0x8f, 0xa3, 0x9f, 0x80, 0xe1, 0xa4, 0xd3, 0x6e, 0x3b, 0xca, 0x81, 0x5a, 0x60, + 0x06, 0x13, 0xa7, 0x6b, 0xa8, 0x22, 0xde, 0x80, 0x25, 0x47, 0x74, 0x9b, 0x2a, 0xd5, 0x44, 0xf8, + 0xd2, 0xd8, 0x2c, 0xe2, 0x36, 0xc1, 0x08, 0x7b, 0xa7, 0xf7, 0xc9, 0xe8, 0x10, 0xdc, 0x03, 0xe7, + 0xee, 0xee, 0xc4, 0x23, 0xd9, 0xf6, 0x85, 0x50, 0xe4, 0x14, 0xf5, 0xa4, 0x89, 0xae, 0xca, 0x32, + 0x14, 0xf4, 0xb5, 0x65, 0x76, 0xf4, 0x33, 0xba, 0x0c, 0x05, 0x6b, 0xee, 0xdf, 0x67, 0xe6, 0xc3, + 0x68, 0x11, 0xce, 0xb8, 0x61, 0x90, 0xc6, 0xa1, 0xef, 0xf3, 0xda, 0x2a, 0x7c, 0xe3, 0xc3, 0x1d, + 0xac, 0xef, 0x14, 0x62, 0x9f, 0x99, 0xe9, 0x46, 0xc1, 0xbd, 0x9e, 0xb3, 0x83, 0x6c, 0x9c, 0x99, + 0xe8, 0x9c, 0x17, 0x60, 0x94, 0x6c, 0xa7, 0x24, 0x0e, 0x1c, 0xff, 0x06, 0x5e, 0x90, 0xae, 0x45, + 0x36, 0x07, 0x2e, 0x19, 0xed, 0x38, 0x83, 0x85, 0x6c, 0xb5, 0xdb, 0x2f, 0xe9, 0xc4, 0x3b, 0xbe, + 0xdb, 0x97, 0x7b, 0x7b, 0xfb, 0x7f, 0x95, 0x32, 0x06, 0xd9, 0x6a, 0x4c, 0x08, 0x0a, 0xa1, 0x1a, + 0x84, 0x4d, 0xa5, 0xfb, 0xaf, 0x16, 0xa3, 0xfb, 0xaf, 0x87, 0x4d, 0xa3, 0x56, 0x05, 0xfd, 0x97, + 0x60, 0xce, 0x87, 0x25, 0xf3, 0xcb, 0xaa, 0x07, 0x0c, 0x20, 0x36, 0x1a, 0x45, 0x72, 0x56, 0xc9, + 0xfc, 0x4b, 0x26, 0x23, 0x9c, 0xe5, 0x8b, 0x36, 0xa1, 0xba, 0x11, 0x26, 0xa9, 0xdc, 0x7e, 0x1c, + 0x71, 0xa7, 0x73, 0x25, 0x4c, 0x52, 0x66, 0x45, 0xa8, 0xd7, 0xa6, 0x2d, 0x09, 0xe6, 0x3c, 0xec, + 0xff, 0x64, 0x65, 0x1c, 0xc9, 0xb7, 0x58, 0xcc, 0xe5, 0x16, 0x09, 0xe8, 0xb4, 0x36, 0xe3, 0x6d, + 0xfe, 0x6c, 0x2e, 0xf1, 0xeb, 0x5d, 0xfd, 0x2a, 0x07, 0xdd, 0xa1, 0x14, 0x26, 0x19, 0x09, 0x23, + 0x34, 0xe7, 0x93, 0x56, 0x36, 0x05, 0xaf, 0x54, 0xc4, 0x06, 0xc3, 0x4c, 0x31, 0xdd, 0x37, 0x9b, + 0xcf, 0xfe, 0xb2, 0x05, 0xc3, 0x0d, 0xc7, 0xdd, 0x0c, 0xd7, 0xd7, 0xd1, 0xb3, 0x50, 0x6b, 0x76, + 0x62, 0x33, 0x1b, 0x50, 0xed, 0x9e, 0x67, 0x45, 0x3b, 0x56, 0x18, 0x74, 0x0c, 0xaf, 0x3b, 0xae, + 0x4c, 0x34, 0x2d, 0xf3, 0x31, 0x7c, 0x99, 0xb5, 0x60, 0x01, 0x41, 0x2f, 0xc2, 0x48, 0xdb, 0xd9, + 0x96, 0x0f, 0xe7, 0xbd, 0xd8, 0x8b, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0x9f, 0x59, 0x30, 0xde, 0x70, + 0x12, 0xcf, 0x9d, 0xee, 0xa4, 0x1b, 0x0d, 0x2f, 0x5d, 0xeb, 0xb8, 0x9b, 0x24, 0xe5, 0xd9, 0xc5, + 0x54, 0xca, 0x4e, 0x42, 0xa7, 0x92, 0xda, 0xd7, 0x29, 0x29, 0x6f, 0x88, 0x76, 0xac, 0x30, 0xd0, + 0x9b, 0x30, 0x12, 0x39, 0x49, 0x72, 0x27, 0x8c, 0x9b, 0x98, 0xac, 0x17, 0x93, 0xdb, 0xbf, 0x42, + 0xdc, 0x98, 0xa4, 0x98, 0xac, 0x8b, 0x93, 0x56, 0x4d, 0x1f, 0x9b, 0xcc, 0xec, 0x2f, 0x58, 0xf0, + 0x58, 0x83, 0x38, 0x31, 0x89, 0x59, 0x29, 0x00, 0xf5, 0x22, 0x33, 0x7e, 0xd8, 0x69, 0xa2, 0x37, + 0xa0, 0x96, 0xd2, 0x66, 0x2a, 0x96, 0x55, 0xac, 0x58, 0xec, 0xa0, 0x74, 0x55, 0x10, 0xc7, 0x8a, + 0x8d, 0xfd, 0x57, 0x2c, 0x18, 0x65, 0x67, 0x4e, 0xb3, 0x24, 0x75, 0x3c, 0xbf, 0xab, 0x62, 0x8e, + 0x35, 0x60, 0xc5, 0x9c, 0x0b, 0x50, 0xd9, 0x08, 0xdb, 0x24, 0x7f, 0x5e, 0x7a, 0x25, 0xa4, 0xdb, + 0x6a, 0x0a, 0x41, 0xcf, 0xd3, 0x0f, 0xef, 0x05, 0xa9, 0x43, 0xa7, 0x80, 0xf4, 0x69, 0x9e, 0xe2, + 0x1f, 0x5d, 0x35, 0x63, 0x13, 0xc7, 0xfe, 0xad, 0x3a, 0x0c, 0x8b, 0x43, 0xf5, 0x81, 0x33, 0xcc, + 0xe5, 0xfe, 0xbe, 0xd4, 0x77, 0x7f, 0x9f, 0xc0, 0x90, 0xcb, 0xea, 0x71, 0x09, 0x33, 0xf2, 0x5a, + 0x21, 0x51, 0x18, 0xbc, 0xc4, 0x97, 0x16, 0x8b, 0xff, 0xc7, 0x82, 0x15, 0xfa, 0x92, 0x05, 0xa7, + 0xdc, 0x30, 0x08, 0x88, 0xab, 0x6d, 0x9c, 0x4a, 0x11, 0x87, 0xed, 0x33, 0x59, 0xa2, 0xfa, 0xc0, + 0x23, 0x07, 0xc0, 0x79, 0xf6, 0xe8, 0x65, 0x38, 0xc1, 0xfb, 0xec, 0x66, 0xc6, 0x11, 0xab, 0x0b, + 0xa9, 0x98, 0x40, 0x9c, 0xc5, 0x45, 0x93, 0xdc, 0xa1, 0x2d, 0x4a, 0x96, 0x0c, 0xe9, 0xd3, 0x33, + 0xa3, 0x58, 0x89, 0x81, 0x81, 0x62, 0x40, 0x31, 0x59, 0x8f, 0x49, 0xb2, 0x21, 0x82, 0x0e, 0x98, + 0x7d, 0x35, 0x7c, 0xb8, 0x8c, 0x55, 0xdc, 0x45, 0x09, 0xf7, 0xa0, 0x8e, 0x36, 0xc5, 0x06, 0xb3, + 0x56, 0x84, 0x0e, 0x15, 0x9f, 0xb9, 0xef, 0x3e, 0x73, 0x02, 0xaa, 0xc9, 0x86, 0x13, 0x37, 0x99, + 0x5d, 0x57, 0xe6, 0x59, 0x12, 0x2b, 0xb4, 0x01, 0xf3, 0x76, 0x34, 0x0b, 0xa7, 0x73, 0x65, 0x60, + 0x12, 0xe1, 0x30, 0x55, 0xa1, 0xfd, 0xb9, 0x02, 0x32, 0x09, 0xee, 0x7a, 0xc2, 0x74, 0x3e, 0x8c, + 0xec, 0xe3, 0x7c, 0xd8, 0x51, 0xa1, 0x6d, 0xa3, 0x6c, 0x7d, 0x7c, 0xa5, 0x90, 0x0e, 0x18, 0x28, + 0x8e, 0xed, 0xf3, 0xb9, 0x38, 0xb6, 0x13, 0x4c, 0x80, 0x9b, 0xc5, 0x08, 0x70, 0xf0, 0xa0, 0xb5, + 0x07, 0x19, 0x84, 0xf6, 0x3f, 0x2c, 0x90, 0xdf, 0x75, 0xc6, 0x71, 0x37, 0x08, 0x1d, 0x32, 0xe8, + 0xfd, 0x70, 0x52, 0x6d, 0xa1, 0x67, 0xc2, 0x4e, 0xc0, 0xe3, 0xcf, 0xca, 0xfa, 0x64, 0x14, 0x67, + 0xa0, 0x38, 0x87, 0x8d, 0xa6, 0xa0, 0x4e, 0xfb, 0x89, 0x3f, 0xca, 0xd7, 0x5a, 0xb5, 0x4d, 0x9f, + 0x5e, 0x9e, 0x17, 0x4f, 0x69, 0x1c, 0x14, 0xc2, 0x98, 0xef, 0x24, 0x29, 0x93, 0x80, 0xee, 0xa8, + 0x0f, 0x99, 0x2f, 0xce, 0xe2, 0xc7, 0x17, 0xf2, 0x84, 0x70, 0x37, 0x6d, 0xfb, 0xdb, 0x15, 0x38, + 0x91, 0xd1, 0x8c, 0x07, 0x5c, 0xa4, 0x9f, 0x85, 0x9a, 0x5c, 0x37, 0xf3, 0x55, 0x2b, 0xd4, 0xe2, + 0xaa, 0x30, 0xe8, 0xa2, 0xb5, 0xa6, 0x57, 0xd5, 0xbc, 0x51, 0x61, 0x2c, 0xb8, 0xd8, 0xc4, 0x63, + 0x4a, 0x39, 0xf5, 0x93, 0x19, 0xdf, 0x23, 0x41, 0xca, 0xc5, 0x2c, 0x46, 0x29, 0xaf, 0x2e, 0xac, + 0x98, 0x44, 0xb5, 0x52, 0xce, 0x01, 0x70, 0x9e, 0x3d, 0xfa, 0x69, 0x0b, 0x4e, 0x38, 0x77, 0x12, + 0x5d, 0x34, 0x52, 0x44, 0xac, 0x1d, 0x71, 0x91, 0xca, 0xd4, 0xa1, 0xe4, 0x2e, 0xdf, 0x4c, 0x13, + 0xce, 0x32, 0x45, 0x5f, 0xb5, 0x00, 0x91, 0x6d, 0xe2, 0xca, 0x98, 0x3a, 0x21, 0xcb, 0x50, 0x11, + 0x3b, 0xcd, 0x4b, 0x5d, 0x74, 0xb9, 0x56, 0xef, 0x6e, 0xc7, 0x3d, 0x64, 0xb0, 0xff, 0x71, 0x59, + 0x4d, 0x28, 0x1d, 0xc6, 0xe9, 0x18, 0xe1, 0x64, 0xd6, 0xe1, 0xc3, 0xc9, 0xf4, 0xb1, 0x7c, 0x77, + 0x1a, 0x5a, 0x26, 0xfd, 0xa6, 0xf4, 0x80, 0xd2, 0x6f, 0x7e, 0xca, 0xca, 0xd4, 0x67, 0x19, 0xb9, + 0xf8, 0x6a, 0xb1, 0x21, 0xa4, 0x93, 0x3c, 0x64, 0x20, 0xa7, 0xdd, 0xb3, 0x91, 0x22, 0x54, 0x9b, + 0x1a, 0x68, 0x07, 0xd2, 0x86, 0xff, 0xb6, 0x0c, 0x23, 0xc6, 0x4a, 0xda, 0xd3, 0x2c, 0xb2, 0x1e, + 0x32, 0xb3, 0xa8, 0x74, 0x00, 0xb3, 0xe8, 0x27, 0xa1, 0xee, 0x4a, 0x2d, 0x5f, 0x4c, 0x85, 0xd2, + 0xfc, 0xda, 0xa1, 0x15, 0xbd, 0x6a, 0xc2, 0x9a, 0x27, 0x9a, 0xcb, 0xe4, 0xaf, 0x88, 0x15, 0xa2, + 0xc2, 0x56, 0x88, 0x5e, 0x09, 0x26, 0x62, 0xa5, 0xe8, 0x7e, 0x86, 0x95, 0xf1, 0x89, 0x3c, 0xf1, + 0x5e, 0x32, 0xd0, 0x9b, 0x97, 0xf1, 0x59, 0x9e, 0x97, 0xcd, 0xd8, 0xc4, 0xb1, 0xbf, 0x6d, 0xa9, + 0x8f, 0x7b, 0x1f, 0x92, 0xda, 0x6f, 0x67, 0x93, 0xda, 0x2f, 0x15, 0xd2, 0xcd, 0x7d, 0xb2, 0xd9, + 0xaf, 0xc3, 0xf0, 0x4c, 0xd8, 0x6e, 0x3b, 0x41, 0x13, 0xfd, 0x20, 0x0c, 0xbb, 0xfc, 0xa7, 0x70, + 0xec, 0xb0, 0xe3, 0x41, 0x01, 0xc5, 0x12, 0x86, 0x1e, 0x87, 0x8a, 0x13, 0xb7, 0xa4, 0x33, 0x87, + 0x45, 0x98, 0x4c, 0xc7, 0xad, 0x04, 0xb3, 0x56, 0xfb, 0xef, 0x57, 0x00, 0x66, 0xc2, 0x76, 0xe4, + 0xc4, 0xa4, 0xb9, 0x1a, 0xb2, 0x0a, 0x69, 0xc7, 0x7a, 0xa8, 0xa6, 0x37, 0x4b, 0x0f, 0xf3, 0xc1, + 0x9a, 0x71, 0xb8, 0x52, 0xbe, 0xcf, 0x87, 0x2b, 0x7d, 0xce, 0xcb, 0x2a, 0x0f, 0xd1, 0x79, 0x99, + 0xfd, 0x39, 0x0b, 0x10, 0x1d, 0x34, 0x61, 0x40, 0x82, 0x54, 0x1f, 0x68, 0x4f, 0x41, 0xdd, 0x95, + 0xad, 0xc2, 0xb0, 0xd2, 0x2a, 0x42, 0x02, 0xb0, 0xc6, 0x19, 0x60, 0x87, 0xfc, 0x94, 0xd4, 0xdf, + 0xe5, 0x6c, 0x70, 0x2a, 0xd3, 0xfa, 0x42, 0x9d, 0xdb, 0xbf, 0x5d, 0x82, 0x47, 0xf8, 0x92, 0xbc, + 0xe8, 0x04, 0x4e, 0x8b, 0xb4, 0xa9, 0x54, 0x83, 0x86, 0x28, 0xb8, 0x74, 0x6b, 0xe6, 0xc9, 0x60, + 0xd3, 0xa3, 0xce, 0x5d, 0x3e, 0xe7, 0xf8, 0x2c, 0x9b, 0x0f, 0xbc, 0x14, 0x33, 0xe2, 0x28, 0x81, + 0x9a, 0x2c, 0xc9, 0x2d, 0x74, 0x71, 0x41, 0x8c, 0x94, 0x5a, 0x12, 0xeb, 0x26, 0xc1, 0x8a, 0x11, + 0x35, 0x5c, 0xfd, 0xd0, 0xdd, 0xc4, 0x24, 0x0a, 0x99, 0xde, 0x35, 0x62, 0xfd, 0x16, 0x44, 0x3b, + 0x56, 0x18, 0xf6, 0x6f, 0x5b, 0x90, 0x5f, 0x91, 0x8c, 0x72, 0x55, 0xd6, 0x3d, 0xcb, 0x55, 0x1d, + 0xa0, 0x5e, 0xd4, 0x8f, 0xc3, 0x88, 0x93, 0x52, 0x23, 0x82, 0x6f, 0xbb, 0xcb, 0x87, 0x3b, 0xd6, + 0x58, 0x0c, 0x9b, 0xde, 0xba, 0xc7, 0xb6, 0xdb, 0x26, 0x39, 0xfb, 0xbf, 0x55, 0x60, 0xac, 0x2b, + 0x25, 0x02, 0xbd, 0x04, 0xa3, 0xae, 0x18, 0x1e, 0x91, 0x74, 0x68, 0xd5, 0xcd, 0xd8, 0x30, 0x0d, + 0xc3, 0x19, 0xcc, 0x01, 0x06, 0xe8, 0x3c, 0x9c, 0x89, 0xe9, 0x46, 0xbf, 0x43, 0xa6, 0xd7, 0x53, + 0x12, 0xaf, 0x10, 0x37, 0x0c, 0x9a, 0xbc, 0xa8, 0x5a, 0xb9, 0xf1, 0xe8, 0xde, 0xee, 0xc4, 0x19, + 0xdc, 0x0d, 0xc6, 0xbd, 0x9e, 0x41, 0x11, 0x9c, 0xf0, 0x4d, 0x1b, 0x50, 0x6c, 0x00, 0x0e, 0x65, + 0x3e, 0x2a, 0x1b, 0x21, 0xd3, 0x8c, 0xb3, 0x0c, 0xb2, 0x86, 0x64, 0xf5, 0x01, 0x19, 0x92, 0x9f, + 0xd6, 0x86, 0x24, 0x3f, 0x7f, 0xff, 0x70, 0xc1, 0x29, 0x31, 0xc7, 0x6d, 0x49, 0xbe, 0x02, 0x35, + 0x19, 0x9b, 0x34, 0x50, 0x4c, 0x8f, 0x49, 0xa7, 0x8f, 0x46, 0xbb, 0x5b, 0x82, 0x1e, 0x9b, 0x10, + 0x3a, 0xcf, 0xf4, 0x8a, 0x9f, 0x99, 0x67, 0x07, 0x5b, 0xf5, 0xd1, 0x36, 0x8f, 0xcb, 0xe2, 0x6b, + 0xdb, 0x87, 0x8a, 0xde, 0x44, 0xe9, 0x50, 0x2d, 0x95, 0x29, 0xa0, 0xc2, 0xb5, 0x2e, 0x02, 0x68, + 0x43, 0x4d, 0xc4, 0x81, 0xab, 0x63, 0x5f, 0x6d, 0xcf, 0x61, 0x03, 0x8b, 0xee, 0xa9, 0xbd, 0x20, + 0x49, 0x1d, 0xdf, 0xbf, 0xe2, 0x05, 0xa9, 0x70, 0x0e, 0xaa, 0x45, 0x7c, 0x5e, 0x83, 0xb0, 0x89, + 0x77, 0xfe, 0x7d, 0xc6, 0x77, 0x39, 0xc8, 0xf7, 0xdc, 0x80, 0xc7, 0xe6, 0xbc, 0x54, 0x65, 0x2f, + 0xa8, 0x71, 0x44, 0xed, 0x30, 0x95, 0x8d, 0x63, 0xf5, 0xcd, 0xc6, 0x31, 0xb2, 0x07, 0x4a, 0xd9, + 0x64, 0x87, 0x7c, 0xf6, 0x80, 0xfd, 0x12, 0x9c, 0x9d, 0xf3, 0xd2, 0xcb, 0x9e, 0x4f, 0x0e, 0xc8, + 0xc4, 0xfe, 0xcd, 0x21, 0x18, 0x35, 0xf3, 0xdf, 0x0e, 0x92, 0x50, 0xf4, 0x05, 0x6a, 0x6a, 0x89, + 0xb7, 0xf3, 0xd4, 0xa1, 0xd9, 0xad, 0x23, 0x27, 0xe3, 0xf5, 0xee, 0x31, 0xc3, 0xda, 0xd2, 0x3c, + 0xb1, 0x29, 0x00, 0xba, 0x03, 0xd5, 0x75, 0x16, 0xdd, 0x5e, 0x2e, 0x22, 0xb2, 0xa0, 0x57, 0x8f, + 0xea, 0x69, 0xc6, 0xe3, 0xe3, 0x39, 0x3f, 0xba, 0x42, 0xc6, 0xd9, 0x94, 0x29, 0x23, 0x22, 0x53, + 0x24, 0x4b, 0x29, 0x8c, 0x7e, 0xaa, 0xbe, 0x7a, 0x08, 0x55, 0x9f, 0x51, 0xbc, 0x43, 0x0f, 0x48, + 0xf1, 0xb2, 0x4c, 0x85, 0x74, 0x83, 0xd9, 0x6f, 0x22, 0x84, 0x7c, 0x98, 0x75, 0x82, 0x91, 0xa9, + 0x90, 0x01, 0xe3, 0x3c, 0x3e, 0xfa, 0x84, 0x52, 0xdd, 0xb5, 0x22, 0xfc, 0xaa, 0xe6, 0x88, 0x3e, + 0x6e, 0xad, 0xfd, 0xb9, 0x12, 0x9c, 0x9c, 0x0b, 0x3a, 0xcb, 0x73, 0xcb, 0x9d, 0x35, 0xdf, 0x73, + 0xaf, 0x91, 0x1d, 0xaa, 0x9a, 0x37, 0xc9, 0xce, 0xfc, 0xac, 0x98, 0x41, 0x6a, 0xcc, 0x5c, 0xa3, + 0x8d, 0x98, 0xc3, 0xa8, 0x32, 0x5a, 0xf7, 0x82, 0x16, 0x89, 0xa3, 0xd8, 0x13, 0x2e, 0x4f, 0x43, + 0x19, 0x5d, 0xd6, 0x20, 0x6c, 0xe2, 0x51, 0xda, 0xe1, 0x9d, 0x80, 0xc4, 0x79, 0x43, 0x76, 0x89, + 0x36, 0x62, 0x0e, 0xa3, 0x48, 0x69, 0xdc, 0x49, 0x52, 0x31, 0x18, 0x15, 0xd2, 0x2a, 0x6d, 0xc4, + 0x1c, 0x46, 0x67, 0x7a, 0xd2, 0x59, 0x63, 0x81, 0x1b, 0xb9, 0x78, 0xf5, 0x15, 0xde, 0x8c, 0x25, + 0x9c, 0xa2, 0x6e, 0x92, 0x9d, 0x59, 0xba, 0xeb, 0xcd, 0xa5, 0xad, 0x5c, 0xe3, 0xcd, 0x58, 0xc2, + 0x59, 0x35, 0xb8, 0x6c, 0x77, 0x7c, 0xcf, 0x55, 0x83, 0xcb, 0x8a, 0xdf, 0x67, 0xff, 0xfc, 0xcb, + 0x16, 0x8c, 0x9a, 0xe1, 0x56, 0xa8, 0x95, 0xb3, 0x71, 0x97, 0xba, 0x8a, 0x89, 0xfe, 0x68, 0xaf, + 0x9b, 0x93, 0x5a, 0x5e, 0x1a, 0x46, 0xc9, 0x73, 0x24, 0x68, 0x79, 0x01, 0x61, 0xa7, 0xe8, 0x3c, + 0x4c, 0x2b, 0x13, 0xcb, 0x35, 0x13, 0x36, 0xc9, 0x21, 0x8c, 0x64, 0xfb, 0x16, 0x8c, 0x75, 0xe5, + 0x2a, 0x0d, 0x60, 0x5a, 0xec, 0x9b, 0x29, 0x6a, 0x63, 0x18, 0xa1, 0x84, 0x65, 0x69, 0x95, 0x19, + 0x18, 0xe3, 0x13, 0x89, 0x72, 0x5a, 0x71, 0x37, 0x48, 0x5b, 0xe5, 0x9f, 0x31, 0xff, 0xfa, 0xcd, + 0x3c, 0x10, 0x77, 0xe3, 0xdb, 0x9f, 0xb7, 0xe0, 0x44, 0x26, 0x7d, 0xac, 0x20, 0x23, 0x88, 0xcd, + 0xb4, 0x90, 0x45, 0xff, 0xb1, 0x10, 0xe8, 0x32, 0x5b, 0x4c, 0xf5, 0x4c, 0xd3, 0x20, 0x6c, 0xe2, + 0xd9, 0x5f, 0x2e, 0x41, 0x4d, 0x46, 0x50, 0x0c, 0x20, 0xca, 0x67, 0x2d, 0x38, 0xa1, 0xce, 0x34, + 0x98, 0xb3, 0xac, 0x54, 0x44, 0xac, 0x3f, 0x95, 0x40, 0x6d, 0xb7, 0x83, 0xf5, 0x50, 0x5b, 0xe4, + 0xd8, 0x64, 0x86, 0xb3, 0xbc, 0xd1, 0x4d, 0x80, 0x64, 0x27, 0x49, 0x49, 0xdb, 0x70, 0xdb, 0xd9, + 0xc6, 0x8c, 0x9b, 0x74, 0xc3, 0x98, 0xd0, 0xf9, 0x75, 0x3d, 0x6c, 0x92, 0x15, 0x85, 0xa9, 0x4d, + 0x28, 0xdd, 0x86, 0x0d, 0x4a, 0xf6, 0xdf, 0x2d, 0xc1, 0xe9, 0xbc, 0x48, 0xe8, 0xc3, 0x30, 0x2a, + 0xb9, 0x1b, 0xb7, 0x40, 0xc9, 0xb0, 0x91, 0x51, 0x6c, 0xc0, 0xee, 0xee, 0x4e, 0x4c, 0x74, 0xdf, + 0xc2, 0x35, 0x69, 0xa2, 0xe0, 0x0c, 0x31, 0x7e, 0xb0, 0x24, 0x4e, 0x40, 0x1b, 0x3b, 0xd3, 0x51, + 0x24, 0x4e, 0x87, 0x8c, 0x83, 0x25, 0x13, 0x8a, 0x73, 0xd8, 0x68, 0x19, 0xce, 0x1a, 0x2d, 0xd7, + 0x89, 0xd7, 0xda, 0x58, 0x0b, 0x63, 0xb9, 0xb3, 0x7a, 0x5c, 0x07, 0x76, 0x75, 0xe3, 0xe0, 0x9e, + 0x4f, 0xd2, 0xd5, 0xde, 0x75, 0x22, 0xc7, 0xf5, 0xd2, 0x1d, 0xe1, 0x87, 0x54, 0xba, 0x69, 0x46, + 0xb4, 0x63, 0x85, 0x61, 0x2f, 0x42, 0x65, 0xc0, 0x11, 0x34, 0x90, 0x45, 0xff, 0x0a, 0xd4, 0x28, + 0x39, 0x69, 0xde, 0x15, 0x41, 0x32, 0x84, 0x9a, 0xbc, 0xc8, 0x01, 0xd9, 0x50, 0xf6, 0x1c, 0x79, + 0x76, 0xa7, 0x5e, 0x6b, 0x3e, 0x49, 0x3a, 0x6c, 0x93, 0x4c, 0x81, 0xe8, 0x29, 0x28, 0x93, 0xed, + 0x28, 0x7f, 0x48, 0x77, 0x69, 0x3b, 0xf2, 0x62, 0x92, 0x50, 0x24, 0xb2, 0x1d, 0xa1, 0xf3, 0x50, + 0xf2, 0x9a, 0x62, 0x91, 0x02, 0x81, 0x53, 0x9a, 0x9f, 0xc5, 0x25, 0xaf, 0x69, 0x6f, 0x43, 0x5d, + 0xdd, 0x1c, 0x81, 0x36, 0xa5, 0xee, 0xb6, 0x8a, 0x08, 0x79, 0x92, 0x74, 0xfb, 0x68, 0xed, 0x0e, + 0x80, 0xce, 0xa3, 0x2b, 0x4a, 0xbf, 0x5c, 0x80, 0x8a, 0x1b, 0x8a, 0x1c, 0xdf, 0x9a, 0x26, 0xc3, + 0x94, 0x36, 0x83, 0xd8, 0xb7, 0xe0, 0xe4, 0xb5, 0x20, 0xbc, 0xc3, 0x4a, 0x63, 0xb3, 0x92, 0x56, + 0x94, 0xf0, 0x3a, 0xfd, 0x91, 0x37, 0x11, 0x18, 0x14, 0x73, 0x98, 0x2a, 0x7b, 0x54, 0xea, 0x57, + 0xf6, 0xc8, 0xfe, 0xa4, 0x05, 0xa7, 0x55, 0x36, 0x90, 0xd4, 0xc6, 0x2f, 0xc1, 0xe8, 0x5a, 0xc7, + 0xf3, 0x9b, 0xb2, 0x50, 0x56, 0xce, 0x4d, 0xd1, 0x30, 0x60, 0x38, 0x83, 0x49, 0x37, 0x55, 0x6b, + 0x5e, 0xe0, 0xc4, 0x3b, 0xcb, 0x5a, 0xfd, 0x2b, 0x8d, 0xd0, 0x50, 0x10, 0x6c, 0x60, 0xd9, 0x9f, + 0x35, 0x45, 0x10, 0xf9, 0x47, 0x03, 0xf4, 0xec, 0x0d, 0xa8, 0xba, 0xea, 0xac, 0xf7, 0x50, 0xc5, + 0xfc, 0x54, 0x7e, 0x39, 0xf3, 0xf7, 0x73, 0x6a, 0xf6, 0x3f, 0x29, 0xc1, 0x89, 0x4c, 0xcd, 0x12, + 0xe4, 0x43, 0x8d, 0xf8, 0xcc, 0x95, 0x27, 0x87, 0xd8, 0x51, 0xcb, 0x45, 0xaa, 0x69, 0x71, 0x49, + 0xd0, 0xc5, 0x8a, 0xc3, 0xc3, 0x71, 0xa4, 0xf6, 0x12, 0x8c, 0x4a, 0x81, 0x3e, 0xe4, 0xb4, 0x7d, + 0x31, 0x0b, 0xd5, 0x00, 0xb8, 0x64, 0xc0, 0x70, 0x06, 0xd3, 0xfe, 0x9d, 0x32, 0x8c, 0x73, 0xdf, + 0x67, 0x53, 0x45, 0xbd, 0x2c, 0x4a, 0x2b, 0xeb, 0x2f, 0xe8, 0xca, 0x42, 0xbc, 0x23, 0xd7, 0x8e, + 0x5a, 0x9d, 0xb9, 0x37, 0xa3, 0x81, 0xe2, 0x31, 0x7e, 0x31, 0x17, 0x8f, 0xc1, 0x17, 0xdb, 0xd6, + 0x31, 0x49, 0xf4, 0xbd, 0x15, 0xa0, 0xf1, 0xb7, 0x4a, 0x70, 0x2a, 0x57, 0xfa, 0x1a, 0x7d, 0x31, + 0x5b, 0xf6, 0xd1, 0x2a, 0xc2, 0x43, 0x76, 0xcf, 0x6a, 0xc8, 0x07, 0x2b, 0xfe, 0xf8, 0x80, 0xa6, + 0x8a, 0xfd, 0x7b, 0x25, 0x38, 0x99, 0xad, 0xd9, 0xfd, 0x10, 0xf6, 0xd4, 0x7b, 0xa0, 0xce, 0xca, + 0xd2, 0xb2, 0x7b, 0xc6, 0xb8, 0x23, 0x8e, 0x97, 0x32, 0x95, 0x8d, 0x58, 0xc3, 0x1f, 0x8a, 0x9a, + 0x9a, 0xf6, 0xdf, 0xb6, 0xe0, 0x1c, 0x7f, 0xcb, 0xfc, 0x38, 0xfc, 0x8b, 0xbd, 0x7a, 0xf7, 0xb5, + 0x62, 0x05, 0xcc, 0x55, 0xc4, 0xda, 0xaf, 0x7f, 0xd9, 0xfd, 0x46, 0x42, 0xda, 0xec, 0x50, 0x78, + 0x08, 0x85, 0x3d, 0xd0, 0x60, 0xb0, 0x7f, 0xaf, 0x0c, 0xfa, 0x4a, 0x27, 0xe4, 0x89, 0xcc, 0xa6, + 0x42, 0x2a, 0x83, 0xad, 0xec, 0x04, 0xae, 0xbe, 0x3c, 0xaa, 0x96, 0x4b, 0x6c, 0xfa, 0x39, 0x0b, + 0x46, 0xbc, 0xc0, 0x4b, 0x3d, 0x87, 0x19, 0xcf, 0xc5, 0x5c, 0x49, 0xa3, 0xd8, 0xcd, 0x73, 0xca, + 0x61, 0x6c, 0x7a, 0x6f, 0x15, 0x33, 0x6c, 0x72, 0x46, 0x1f, 0x15, 0x21, 0x93, 0xe5, 0xc2, 0x72, + 0xf2, 0x6a, 0xb9, 0x38, 0xc9, 0x08, 0xaa, 0x31, 0x49, 0xe3, 0x82, 0x52, 0x59, 0x31, 0x25, 0xa5, + 0x8a, 0x4c, 0xea, 0xcb, 0x35, 0x69, 0x33, 0xe6, 0x8c, 0xec, 0x04, 0x50, 0x77, 0x5f, 0x1c, 0x30, + 0x1c, 0x6d, 0x0a, 0xea, 0x4e, 0x27, 0x0d, 0xdb, 0xb4, 0x9b, 0x84, 0x83, 0x59, 0x07, 0xdc, 0x49, + 0x00, 0xd6, 0x38, 0xf6, 0x17, 0xab, 0x90, 0x4b, 0x35, 0x42, 0xdb, 0xe6, 0x75, 0x64, 0x56, 0xb1, + 0xd7, 0x91, 0x29, 0x61, 0x7a, 0x5d, 0x49, 0x86, 0x5a, 0x50, 0x8d, 0x36, 0x9c, 0x44, 0xda, 0xc6, + 0xaf, 0xc8, 0x6e, 0x5a, 0xa6, 0x8d, 0x77, 0x77, 0x27, 0x7e, 0x6c, 0x30, 0x5f, 0x0b, 0x1d, 0xab, + 0x53, 0x3c, 0x73, 0x5f, 0xb3, 0x66, 0x34, 0x30, 0xa7, 0x7f, 0x90, 0x4b, 0x79, 0x3e, 0x25, 0x0a, + 0x09, 0x63, 0x92, 0x74, 0xfc, 0x54, 0x8c, 0x86, 0x57, 0x0a, 0x9c, 0x65, 0x9c, 0xb0, 0x4e, 0x92, + 0xe5, 0xff, 0xb1, 0xc1, 0x14, 0x7d, 0x18, 0xea, 0x49, 0xea, 0xc4, 0xe9, 0x21, 0xd3, 0xda, 0x54, + 0xa7, 0xaf, 0x48, 0x22, 0x58, 0xd3, 0x43, 0xaf, 0xb2, 0x42, 0x89, 0x5e, 0xb2, 0x71, 0xc8, 0x48, + 0x67, 0x59, 0x54, 0x51, 0x50, 0xc0, 0x06, 0x35, 0xba, 0xf5, 0x60, 0x63, 0x9b, 0x87, 0xf7, 0xd4, + 0xd8, 0xde, 0x52, 0xa9, 0x42, 0xac, 0x20, 0xd8, 0xc0, 0xb2, 0x7f, 0x08, 0xb2, 0x59, 0xde, 0x68, + 0x42, 0x26, 0x95, 0x73, 0xdf, 0x13, 0x8b, 0x58, 0xce, 0xe4, 0x7f, 0xff, 0xba, 0x05, 0x66, 0x2a, + 0x3a, 0x7a, 0x83, 0xe7, 0xbc, 0x5b, 0x45, 0x9c, 0x17, 0x18, 0x74, 0x27, 0x17, 0x9d, 0x28, 0x77, + 0x70, 0x25, 0x13, 0xdf, 0xcf, 0xbf, 0x0f, 0x6a, 0x12, 0x7a, 0x20, 0xa3, 0xee, 0x13, 0x70, 0x26, + 0x7f, 0x59, 0xab, 0xf0, 0x35, 0xb7, 0xe2, 0xb0, 0x13, 0xe5, 0x37, 0x92, 0xec, 0x32, 0x4f, 0xcc, + 0x61, 0x74, 0x3b, 0xb6, 0xe9, 0x05, 0xcd, 0xfc, 0x46, 0xf2, 0x9a, 0x17, 0x34, 0x31, 0x83, 0x0c, + 0x70, 0x29, 0xdd, 0x6f, 0x58, 0x70, 0x61, 0xbf, 0x3b, 0x65, 0xd1, 0xe3, 0x50, 0xb9, 0xe3, 0xc4, + 0xb2, 0x82, 0x2d, 0x53, 0x94, 0xb7, 0x9c, 0x38, 0xc0, 0xac, 0x15, 0xed, 0xc0, 0x10, 0x8f, 0x01, + 0x11, 0xd6, 0xfa, 0x2b, 0xc5, 0xde, 0x70, 0x7b, 0x8d, 0x18, 0xdb, 0x05, 0x1e, 0x7f, 0x82, 0x05, + 0x43, 0xfb, 0x3b, 0x16, 0xa0, 0xa5, 0x2d, 0x12, 0xc7, 0x5e, 0xd3, 0x88, 0x5a, 0x41, 0x2f, 0xc0, + 0xe8, 0xed, 0x95, 0xa5, 0xeb, 0xcb, 0xa1, 0x17, 0xb0, 0xaa, 0x0f, 0x46, 0x62, 0xdb, 0x55, 0xa3, + 0x1d, 0x67, 0xb0, 0xd0, 0x0c, 0x8c, 0xdd, 0x7e, 0x83, 0x6e, 0x7e, 0xcd, 0x6a, 0xf9, 0x25, 0xed, + 0xee, 0xbc, 0xfa, 0x4a, 0x0e, 0x88, 0xbb, 0xf1, 0xd1, 0x12, 0x9c, 0x6b, 0xf3, 0xed, 0x06, 0x2f, + 0x72, 0xcd, 0xf7, 0x1e, 0x2a, 0x8d, 0xe4, 0xb1, 0xbd, 0xdd, 0x89, 0x73, 0x8b, 0xbd, 0x10, 0x70, + 0xef, 0xe7, 0xec, 0xf7, 0x01, 0xe2, 0xc1, 0x2a, 0x33, 0xbd, 0x22, 0x0f, 0xfa, 0xee, 0xc4, 0xed, + 0xaf, 0x55, 0xe1, 0x54, 0xae, 0xbe, 0x21, 0xdd, 0xea, 0x75, 0x87, 0x3a, 0x1c, 0x79, 0xfd, 0xee, + 0x16, 0x6f, 0xa0, 0xe0, 0x89, 0x00, 0xaa, 0x5e, 0x10, 0x75, 0xd2, 0x62, 0x32, 0xc7, 0xb8, 0x10, + 0xf3, 0x94, 0xa0, 0xe1, 0x24, 0xa2, 0x7f, 0x31, 0x67, 0x53, 0x64, 0x28, 0x46, 0xc6, 0x18, 0xaf, + 0x3c, 0x20, 0x77, 0xc0, 0xa7, 0x74, 0x60, 0x44, 0xb5, 0x88, 0x83, 0xfa, 0xdc, 0x60, 0x39, 0xee, + 0x03, 0xb6, 0x5f, 0x2b, 0xc1, 0x88, 0xf1, 0xd1, 0xd0, 0x2f, 0x65, 0x0b, 0xb5, 0x58, 0xc5, 0xbd, + 0x12, 0xa3, 0x3f, 0xa9, 0x4b, 0xb1, 0xf0, 0x57, 0x7a, 0xba, 0xbb, 0x46, 0xcb, 0xdd, 0xdd, 0x89, + 0xd3, 0xb9, 0x2a, 0x2c, 0x99, 0xba, 0x2d, 0xe7, 0x3f, 0x0e, 0xa7, 0x72, 0x64, 0x7a, 0xbc, 0xf2, + 0x6a, 0xf6, 0x2e, 0xde, 0x23, 0xba, 0xa5, 0xcc, 0x2e, 0x7b, 0x8b, 0x76, 0x99, 0xbe, 0xa2, 0x7d, + 0x00, 0x77, 0x5c, 0x2e, 0x47, 0xae, 0x34, 0x60, 0x8e, 0xdc, 0x33, 0x50, 0x8b, 0x42, 0xdf, 0x73, + 0x3d, 0x55, 0xd2, 0x8b, 0x65, 0xe5, 0x2d, 0x8b, 0x36, 0xac, 0xa0, 0xe8, 0x0e, 0xd4, 0xd5, 0xb5, + 0xc5, 0x22, 0x08, 0xb1, 0x28, 0x57, 0xaf, 0x32, 0x5a, 0xf4, 0x75, 0xc4, 0x9a, 0x17, 0xb2, 0x61, + 0x88, 0x2d, 0x82, 0x32, 0xe0, 0x97, 0x65, 0x70, 0xb2, 0xd5, 0x31, 0xc1, 0x02, 0x62, 0x7f, 0xa3, + 0x0e, 0x67, 0x7b, 0x15, 0x99, 0x45, 0x1f, 0x83, 0x21, 0x2e, 0x63, 0x31, 0x75, 0xcc, 0x7b, 0xf1, + 0x98, 0x63, 0x04, 0x85, 0x58, 0xec, 0x37, 0x16, 0x3c, 0x05, 0x77, 0xdf, 0x59, 0x13, 0x23, 0xe4, + 0x78, 0xb8, 0x2f, 0x38, 0x9a, 0xfb, 0x82, 0xc3, 0xb9, 0xfb, 0xce, 0x1a, 0xda, 0x86, 0x6a, 0xcb, + 0x4b, 0x89, 0x23, 0x9c, 0x08, 0xb7, 0x8e, 0x85, 0x39, 0x71, 0xb8, 0x95, 0xc6, 0x7e, 0x62, 0xce, + 0x10, 0x7d, 0xdd, 0x82, 0x53, 0x6b, 0xd9, 0x84, 0x58, 0xa1, 0x3c, 0x9d, 0x63, 0x28, 0x24, 0x9c, + 0x65, 0xc4, 0x6f, 0xa4, 0xc8, 0x35, 0xe2, 0xbc, 0x38, 0xe8, 0xd3, 0x16, 0x0c, 0xaf, 0x7b, 0xbe, + 0x51, 0x53, 0xf2, 0x18, 0x3e, 0xce, 0x65, 0xc6, 0x40, 0xef, 0x38, 0xf8, 0xff, 0x04, 0x4b, 0xce, + 0xfd, 0x56, 0xaa, 0xa1, 0xa3, 0xae, 0x54, 0xc3, 0x0f, 0x68, 0xa5, 0xfa, 0x8c, 0x05, 0x75, 0xd5, + 0xd3, 0x22, 0xc9, 0xf1, 0xc3, 0xc7, 0xf8, 0xc9, 0xb9, 0xe7, 0x44, 0xfd, 0xc5, 0x9a, 0x39, 0xfa, + 0x92, 0x05, 0x23, 0xce, 0x9b, 0x9d, 0x98, 0x34, 0xc9, 0x56, 0x18, 0x25, 0xe2, 0x16, 0xa8, 0xd7, + 0x8a, 0x17, 0x66, 0x9a, 0x32, 0x99, 0x25, 0x5b, 0x4b, 0x51, 0x22, 0x92, 0x11, 0x74, 0x03, 0x36, + 0x45, 0xb0, 0x77, 0x4b, 0x30, 0xb1, 0x0f, 0x05, 0xf4, 0x12, 0x8c, 0x86, 0x71, 0xcb, 0x09, 0xbc, + 0x37, 0xcd, 0x0c, 0x77, 0x65, 0x65, 0x2d, 0x19, 0x30, 0x9c, 0xc1, 0x34, 0xd3, 0x30, 0x4b, 0xfb, + 0xa4, 0x61, 0x5e, 0x80, 0x4a, 0x4c, 0xa2, 0x30, 0xbf, 0x59, 0x60, 0x81, 0xc0, 0x0c, 0x82, 0x9e, + 0x80, 0xb2, 0x13, 0x79, 0x22, 0xfc, 0x44, 0xed, 0x81, 0xa6, 0x97, 0xe7, 0x31, 0x6d, 0xcf, 0x64, + 0x85, 0x57, 0xef, 0x4b, 0x56, 0x38, 0x5d, 0x06, 0xc4, 0xd9, 0xc5, 0x90, 0x5e, 0x06, 0xb2, 0x67, + 0x0a, 0xf6, 0x57, 0xcb, 0xf0, 0xc4, 0x3d, 0xc7, 0x8b, 0x8e, 0xbe, 0xb1, 0xee, 0x11, 0x7d, 0x23, + 0xbb, 0xa7, 0xb4, 0x5f, 0xf7, 0x94, 0xfb, 0x74, 0xcf, 0xa7, 0xe9, 0x34, 0x90, 0x95, 0x01, 0x8a, + 0xb9, 0x90, 0xa8, 0x5f, 0xa1, 0x01, 0x31, 0x03, 0x24, 0x14, 0x6b, 0xbe, 0x74, 0x0f, 0x90, 0x49, + 0x41, 0xac, 0x16, 0xb1, 0x0c, 0xf4, 0xad, 0x14, 0xc0, 0xc7, 0x7e, 0xbf, 0xbc, 0x46, 0xfb, 0xe7, + 0x4b, 0xf0, 0xd4, 0x00, 0xda, 0xdb, 0x1c, 0xc5, 0xd6, 0x80, 0xa3, 0xf8, 0x7b, 0xfb, 0x33, 0xd9, + 0x7f, 0xc9, 0x82, 0xf3, 0xfd, 0x17, 0x0f, 0xf4, 0x3c, 0x8c, 0xac, 0xc5, 0x4e, 0xe0, 0x6e, 0xb0, + 0x4b, 0xd6, 0x64, 0xa7, 0xb0, 0xbe, 0xd6, 0xcd, 0xd8, 0xc4, 0xa1, 0xdb, 0x5b, 0x5e, 0xd8, 0xdd, + 0xc0, 0x90, 0x29, 0x63, 0x74, 0x7b, 0xbb, 0x9a, 0x07, 0xe2, 0x6e, 0x7c, 0xfb, 0x4f, 0x4a, 0xbd, + 0xc5, 0xe2, 0x46, 0xc6, 0x41, 0xbe, 0x93, 0xf8, 0x0a, 0xa5, 0x01, 0x74, 0x49, 0xf9, 0x7e, 0xeb, + 0x92, 0x4a, 0x3f, 0x5d, 0x82, 0x66, 0xe1, 0xb4, 0x71, 0x1f, 0x01, 0x4f, 0x03, 0xe4, 0x61, 0x76, + 0x2a, 0x37, 0x7e, 0x39, 0x07, 0xc7, 0x5d, 0x4f, 0xa0, 0x67, 0xa1, 0xe6, 0x05, 0x09, 0x71, 0x3b, + 0x31, 0x0f, 0xef, 0x34, 0x52, 0x2f, 0xe6, 0x45, 0x3b, 0x56, 0x18, 0xf6, 0x2f, 0x97, 0xe0, 0xb1, + 0xbe, 0x76, 0xd6, 0x7d, 0xd2, 0x5d, 0xe6, 0xe7, 0xa8, 0xdc, 0x9f, 0xcf, 0x61, 0x76, 0x52, 0x75, + 0xdf, 0x4e, 0xfa, 0xfd, 0xfe, 0x03, 0x93, 0xda, 0xdc, 0xdf, 0xb7, 0xbd, 0xf4, 0x32, 0x9c, 0x70, + 0xa2, 0x88, 0xe3, 0xb1, 0x28, 0xad, 0x5c, 0x6d, 0x8c, 0x69, 0x13, 0x88, 0xb3, 0xb8, 0x03, 0xad, + 0x9e, 0x7f, 0x68, 0x41, 0x1d, 0x93, 0x75, 0xae, 0x1d, 0xd0, 0x6d, 0xd1, 0x45, 0x56, 0x11, 0x55, + 0xf4, 0x68, 0xc7, 0x26, 0x1e, 0xab, 0x2e, 0xd7, 0xab, 0xb3, 0xbb, 0xef, 0xad, 0x28, 0x1d, 0xe8, + 0xde, 0x0a, 0x75, 0x73, 0x41, 0xb9, 0xff, 0xcd, 0x05, 0xf6, 0x5b, 0xc3, 0xf4, 0xf5, 0xa2, 0x70, + 0x26, 0x26, 0xcd, 0x84, 0x7e, 0xdf, 0x4e, 0xec, 0x8b, 0x41, 0xa2, 0xbe, 0xef, 0x0d, 0xbc, 0x80, + 0x69, 0x7b, 0xe6, 0x28, 0xa6, 0x74, 0xa0, 0xca, 0x00, 0xe5, 0x7d, 0x2b, 0x03, 0xbc, 0x0c, 0x27, + 0x92, 0x64, 0x63, 0x39, 0xf6, 0xb6, 0x9c, 0x94, 0x5c, 0x23, 0x3b, 0xc2, 0xca, 0xd2, 0xd9, 0xbc, + 0x2b, 0x57, 0x34, 0x10, 0x67, 0x71, 0xd1, 0x1c, 0x8c, 0xe9, 0xfc, 0x7c, 0x12, 0xa7, 0x2c, 0xa6, + 0x97, 0x8f, 0x04, 0x95, 0xba, 0xa7, 0x33, 0xfa, 0x05, 0x02, 0xee, 0x7e, 0x86, 0xea, 0xb7, 0x4c, + 0x23, 0x15, 0x64, 0x28, 0xab, 0xdf, 0x32, 0x74, 0xa8, 0x2c, 0x5d, 0x4f, 0xa0, 0x45, 0x38, 0xc3, + 0x07, 0xc6, 0x74, 0x14, 0x19, 0x6f, 0x34, 0x9c, 0xad, 0x5e, 0x36, 0xd7, 0x8d, 0x82, 0x7b, 0x3d, + 0x87, 0x5e, 0x84, 0x11, 0xd5, 0x3c, 0x3f, 0x2b, 0x4e, 0x11, 0x94, 0x17, 0x43, 0x91, 0x99, 0x6f, + 0x62, 0x13, 0x0f, 0x7d, 0x08, 0x1e, 0xd5, 0x7f, 0x79, 0xe2, 0x07, 0x3f, 0x5a, 0x9b, 0x15, 0xa5, + 0x4f, 0x54, 0x9d, 0xfc, 0xb9, 0x9e, 0x68, 0x4d, 0xdc, 0xef, 0x79, 0xb4, 0x06, 0xe7, 0x15, 0xe8, + 0x52, 0x90, 0xb2, 0x28, 0xee, 0x84, 0x34, 0x9c, 0x84, 0xdc, 0x88, 0x7d, 0x56, 0x2c, 0xa5, 0xae, + 0xaf, 0x30, 0x9b, 0xf3, 0xd2, 0x2b, 0xbd, 0x30, 0xf1, 0x02, 0xbe, 0x07, 0x15, 0x34, 0x05, 0x75, + 0x12, 0x38, 0x6b, 0x3e, 0x59, 0x9a, 0x99, 0x67, 0x25, 0x54, 0x8c, 0x93, 0xbc, 0x4b, 0x12, 0x80, + 0x35, 0x8e, 0x8a, 0x2b, 0x1b, 0xed, 0x7b, 0x9d, 0xde, 0x32, 0x9c, 0x6d, 0xb9, 0x11, 0xb5, 0x3d, + 0x3c, 0x97, 0x4c, 0xbb, 0x2c, 0xb6, 0x8a, 0x7e, 0x18, 0x5e, 0x56, 0x4e, 0x05, 0x4d, 0xce, 0xcd, + 0x2c, 0x77, 0xe1, 0xe0, 0x9e, 0x4f, 0xd2, 0x39, 0x16, 0xc5, 0xe1, 0xf6, 0xce, 0xf8, 0x99, 0xec, + 0x1c, 0x5b, 0xa6, 0x8d, 0x98, 0xc3, 0xd0, 0x55, 0x40, 0x2c, 0x02, 0xf7, 0x4a, 0x9a, 0x46, 0xca, + 0xd8, 0x19, 0x3f, 0xcb, 0x5e, 0xe9, 0xbc, 0x78, 0x02, 0x5d, 0xee, 0xc2, 0xc0, 0x3d, 0x9e, 0xb2, + 0xff, 0x9d, 0x05, 0x27, 0xd4, 0x7c, 0xbd, 0x0f, 0x31, 0xe8, 0x7e, 0x36, 0x06, 0x7d, 0xee, 0xe8, + 0x1a, 0x8f, 0x49, 0xde, 0x27, 0x90, 0xf1, 0x67, 0x46, 0x00, 0xb4, 0x56, 0x54, 0x0b, 0x92, 0xd5, + 0x77, 0x41, 0x7a, 0x68, 0x35, 0x52, 0xaf, 0x7a, 0x09, 0xd5, 0x07, 0x5b, 0x2f, 0x61, 0x05, 0xce, + 0x49, 0x73, 0x81, 0x9f, 0x15, 0x5d, 0x09, 0x13, 0xa5, 0xe0, 0x6a, 0x8d, 0x27, 0x04, 0xa1, 0x73, + 0xf3, 0xbd, 0x90, 0x70, 0xef, 0x67, 0x33, 0x56, 0xca, 0xf0, 0x7e, 0x56, 0x8a, 0x9e, 0xd3, 0x0b, + 0xeb, 0xb2, 0x20, 0x7e, 0x6e, 0x4e, 0x2f, 0x5c, 0x5e, 0xc1, 0x1a, 0xa7, 0xb7, 0x62, 0xaf, 0x17, + 0xa4, 0xd8, 0xe1, 0xc0, 0x8a, 0x5d, 0xaa, 0x98, 0x91, 0xbe, 0x2a, 0x46, 0xfa, 0xa4, 0x47, 0xfb, + 0xfa, 0xa4, 0xdf, 0x0f, 0x27, 0xbd, 0x60, 0x83, 0xc4, 0x5e, 0x4a, 0x9a, 0x6c, 0x2e, 0x30, 0xf5, + 0x53, 0xd3, 0xcb, 0xfa, 0x7c, 0x06, 0x8a, 0x73, 0xd8, 0x59, 0xbd, 0x78, 0x72, 0x00, 0xbd, 0xd8, + 0x67, 0x35, 0x3a, 0x55, 0xcc, 0x6a, 0x74, 0xfa, 0xe8, 0xab, 0xd1, 0xd8, 0xb1, 0xae, 0x46, 0xa8, + 0x90, 0xd5, 0x68, 0x20, 0x45, 0x6f, 0x6c, 0xff, 0xce, 0xee, 0xb3, 0xfd, 0xeb, 0xb7, 0x14, 0x9d, + 0x3b, 0xf4, 0x52, 0xd4, 0x7b, 0x95, 0x79, 0xe4, 0x50, 0xab, 0xcc, 0x67, 0x4a, 0x70, 0x4e, 0xeb, + 0x61, 0x3a, 0xfa, 0xbd, 0x75, 0xaa, 0x89, 0xd8, 0x9d, 0x2a, 0xfc, 0xdc, 0xc6, 0x48, 0x89, 0xd0, + 0xd9, 0x15, 0x0a, 0x82, 0x0d, 0x2c, 0x96, 0x59, 0x40, 0x62, 0x56, 0x3c, 0x33, 0xaf, 0xa4, 0x67, + 0x44, 0x3b, 0x56, 0x18, 0x74, 0x7c, 0xd1, 0xdf, 0x22, 0x5b, 0x2b, 0x5f, 0x22, 0x6a, 0x46, 0x83, + 0xb0, 0x89, 0x87, 0x9e, 0xe1, 0x4c, 0x98, 0x82, 0xa0, 0x8a, 0x7a, 0x54, 0x5c, 0xb2, 0x28, 0x75, + 0x82, 0x82, 0x4a, 0x71, 0x58, 0x0a, 0x49, 0xb5, 0x5b, 0x1c, 0x16, 0x02, 0xa5, 0x30, 0xec, 0xff, + 0x6e, 0xc1, 0x63, 0x3d, 0xbb, 0xe2, 0x3e, 0x2c, 0xbe, 0xdb, 0xd9, 0xc5, 0x77, 0xa5, 0xa8, 0xed, + 0x86, 0xf1, 0x16, 0x7d, 0x16, 0xe2, 0x7f, 0x63, 0xc1, 0x49, 0x8d, 0x7f, 0x1f, 0x5e, 0xd5, 0xcb, + 0xbe, 0x6a, 0x71, 0x3b, 0xab, 0x7a, 0xd7, 0xbb, 0xfd, 0x4e, 0x09, 0x54, 0xd9, 0xb6, 0x69, 0x57, + 0x16, 0xc5, 0xdc, 0xe7, 0x24, 0x71, 0x07, 0x86, 0xd8, 0x41, 0x68, 0x52, 0x4c, 0x90, 0x47, 0x96, + 0x3f, 0x3b, 0x54, 0xd5, 0x87, 0xcc, 0xec, 0x6f, 0x82, 0x05, 0x43, 0x56, 0xda, 0xd5, 0x4b, 0xa8, + 0x36, 0x6f, 0x8a, 0x64, 0x0c, 0x5d, 0xda, 0x55, 0xb4, 0x63, 0x85, 0x41, 0x97, 0x07, 0xcf, 0x0d, + 0x83, 0x19, 0xdf, 0x49, 0xe4, 0x45, 0x62, 0x6a, 0x79, 0x98, 0x97, 0x00, 0xac, 0x71, 0xd8, 0x19, + 0xa9, 0x97, 0x44, 0xbe, 0xb3, 0x63, 0xec, 0x9f, 0x8d, 0xac, 0x64, 0x05, 0xc2, 0x26, 0x9e, 0xdd, + 0x86, 0xf1, 0xec, 0x4b, 0xcc, 0x92, 0x75, 0x16, 0xa0, 0x38, 0x50, 0x77, 0x4e, 0x41, 0xdd, 0x61, + 0x4f, 0x2d, 0x74, 0x9c, 0xfc, 0xfd, 0xbf, 0xd3, 0x12, 0x80, 0x35, 0x8e, 0xfd, 0xab, 0x16, 0x9c, + 0xe9, 0xd1, 0x69, 0x05, 0x26, 0xbb, 0xa4, 0x5a, 0xdb, 0xf4, 0x5a, 0xd8, 0xdf, 0x0d, 0xc3, 0x4d, + 0xb2, 0xee, 0xc8, 0x10, 0x38, 0x43, 0xb7, 0xcf, 0xf2, 0x66, 0x2c, 0xe1, 0xf6, 0x7f, 0xb5, 0xe0, + 0x54, 0x56, 0xd6, 0x84, 0x6a, 0x67, 0xfe, 0x32, 0xb3, 0x5e, 0xe2, 0x86, 0x5b, 0x24, 0xde, 0xa1, + 0x6f, 0xce, 0xa5, 0x56, 0xda, 0x79, 0xba, 0x0b, 0x03, 0xf7, 0x78, 0x8a, 0x15, 0x6d, 0x6c, 0xaa, + 0xde, 0x96, 0x23, 0xf2, 0x66, 0x91, 0x23, 0x52, 0x7f, 0x4c, 0xf3, 0xb8, 0x5c, 0xb1, 0xc4, 0x26, + 0x7f, 0xfb, 0x3b, 0x15, 0x50, 0xd9, 0x70, 0x2c, 0xfe, 0xa8, 0xa0, 0xe8, 0xad, 0xcc, 0x9d, 0x47, + 0xe5, 0x01, 0xee, 0x3c, 0x92, 0x83, 0xa1, 0x72, 0xaf, 0x80, 0x00, 0xee, 0x25, 0x31, 0x5d, 0x97, + 0xea, 0x0d, 0x57, 0x35, 0x08, 0x9b, 0x78, 0x54, 0x12, 0xdf, 0xdb, 0x22, 0xfc, 0xa1, 0xa1, 0xac, + 0x24, 0x0b, 0x12, 0x80, 0x35, 0x0e, 0x95, 0xa4, 0xe9, 0xad, 0xaf, 0x8b, 0x2d, 0xbf, 0x92, 0x84, + 0xf6, 0x0e, 0x66, 0x10, 0x5e, 0x87, 0x37, 0xdc, 0x14, 0x56, 0xb0, 0x51, 0x87, 0x37, 0xdc, 0xc4, + 0x0c, 0x42, 0xed, 0xb6, 0x20, 0x8c, 0xdb, 0xec, 0x7e, 0xe6, 0xa6, 0xe2, 0x22, 0xac, 0x5f, 0x65, + 0xb7, 0x5d, 0xef, 0x46, 0xc1, 0xbd, 0x9e, 0xa3, 0x23, 0x30, 0x8a, 0x49, 0xd3, 0x73, 0x53, 0x93, + 0x1a, 0x64, 0x47, 0xe0, 0x72, 0x17, 0x06, 0xee, 0xf1, 0x14, 0x9a, 0x86, 0x53, 0x32, 0x9b, 0x51, + 0xd6, 0xaa, 0x18, 0xc9, 0xe6, 0xc6, 0xe3, 0x2c, 0x18, 0xe7, 0xf1, 0xa9, 0x56, 0x6b, 0x8b, 0x32, + 0x35, 0xcc, 0x58, 0x36, 0xb4, 0x9a, 0x2c, 0x5f, 0x83, 0x15, 0x86, 0xfd, 0xa9, 0x32, 0x5d, 0x85, + 0xfb, 0x94, 0x67, 0xba, 0x6f, 0xd1, 0x82, 0xd9, 0x11, 0x59, 0x19, 0x60, 0x44, 0xbe, 0x00, 0xa3, + 0xb7, 0x93, 0x30, 0x50, 0x91, 0x78, 0xd5, 0xbe, 0x91, 0x78, 0x06, 0x56, 0xef, 0x48, 0xbc, 0xa1, + 0xa2, 0x22, 0xf1, 0x86, 0x0f, 0x19, 0x89, 0xf7, 0xad, 0x2a, 0xa8, 0x0b, 0x01, 0xae, 0x93, 0xf4, + 0x4e, 0x18, 0x6f, 0x7a, 0x41, 0x8b, 0x65, 0x81, 0x7e, 0xdd, 0x82, 0x51, 0x3e, 0x5f, 0x16, 0xcc, + 0x4c, 0xaa, 0xf5, 0x82, 0x2a, 0xcd, 0x67, 0x98, 0x4d, 0xae, 0x1a, 0x8c, 0x72, 0xf7, 0xd8, 0x99, + 0x20, 0x9c, 0x91, 0x08, 0x7d, 0x1c, 0x40, 0xfa, 0x47, 0xd7, 0xa5, 0xca, 0x9c, 0x2f, 0x46, 0x3e, + 0x4c, 0xd6, 0xb5, 0x0d, 0xbc, 0xaa, 0x98, 0x60, 0x83, 0x21, 0xfa, 0x4c, 0xfe, 0xfe, 0xfa, 0x8f, + 0x1e, 0x4b, 0xdf, 0x0c, 0x92, 0x63, 0x86, 0x61, 0xd8, 0x0b, 0x5a, 0x74, 0x9c, 0x88, 0x88, 0xa5, + 0x77, 0xf5, 0xca, 0xa0, 0x5e, 0x08, 0x9d, 0x66, 0xc3, 0xf1, 0x9d, 0xc0, 0x25, 0xf1, 0x3c, 0x47, + 0x37, 0x6f, 0x6f, 0x65, 0x0d, 0x58, 0x12, 0xea, 0xba, 0x4a, 0xa1, 0x3a, 0xc8, 0x55, 0x0a, 0xe7, + 0x3f, 0x00, 0x63, 0x5d, 0x1f, 0xf3, 0x40, 0x29, 0x65, 0x87, 0xcf, 0x46, 0xb3, 0xff, 0xe9, 0x90, + 0x5e, 0xb4, 0xae, 0x87, 0x4d, 0x5e, 0xd0, 0x3f, 0xd6, 0x5f, 0x54, 0xd8, 0xb8, 0x05, 0x0e, 0x11, + 0xe3, 0x06, 0x58, 0xd5, 0x88, 0x4d, 0x96, 0x74, 0x8c, 0x46, 0x4e, 0x4c, 0x82, 0xe3, 0x1e, 0xa3, + 0xcb, 0x8a, 0x09, 0x36, 0x18, 0xa2, 0x8d, 0x4c, 0x4e, 0xc9, 0xe5, 0xa3, 0xe7, 0x94, 0xb0, 0xda, + 0x32, 0xbd, 0x6a, 0x70, 0x7f, 0xc9, 0x82, 0x93, 0x41, 0x66, 0xe4, 0x16, 0x13, 0x46, 0xda, 0x7b, + 0x56, 0xf0, 0xfb, 0x64, 0xb2, 0x6d, 0x38, 0xc7, 0xbf, 0xd7, 0x92, 0x56, 0x3d, 0xe0, 0x92, 0xa6, + 0x6f, 0x06, 0x19, 0xea, 0x77, 0x33, 0x08, 0x0a, 0xd4, 0xd5, 0x48, 0xc3, 0x85, 0x5f, 0x8d, 0x04, + 0x3d, 0xae, 0x45, 0xba, 0x05, 0x75, 0x37, 0x26, 0x4e, 0x7a, 0xc8, 0x5b, 0x72, 0xd8, 0x01, 0xfd, + 0x8c, 0x24, 0x80, 0x35, 0x2d, 0xfb, 0x7f, 0x57, 0xe0, 0xb4, 0xec, 0x11, 0x19, 0x82, 0x4e, 0xd7, + 0x47, 0xce, 0x57, 0x1b, 0xb7, 0x6a, 0x7d, 0xbc, 0x22, 0x01, 0x58, 0xe3, 0x50, 0x7b, 0xac, 0x93, + 0x90, 0xa5, 0x88, 0x04, 0x0b, 0xde, 0x5a, 0x22, 0xce, 0x39, 0xd5, 0x44, 0xb9, 0xa1, 0x41, 0xd8, + 0xc4, 0xa3, 0xc6, 0x38, 0xb7, 0x8b, 0x93, 0x7c, 0xfa, 0x8a, 0xb0, 0xb7, 0xb1, 0x84, 0xa3, 0x5f, + 0xe8, 0x59, 0x2f, 0xb2, 0x98, 0xc4, 0xad, 0xae, 0xc8, 0xfb, 0x03, 0x5e, 0xac, 0xf6, 0x37, 0x2c, + 0x38, 0xc7, 0x5b, 0x65, 0x4f, 0xde, 0x88, 0x9a, 0x4e, 0x4a, 0x92, 0x62, 0xea, 0x37, 0xf7, 0x90, + 0x4f, 0x3b, 0x79, 0x7b, 0xb1, 0xc5, 0xbd, 0xa5, 0x41, 0x5f, 0xb4, 0xe0, 0xd4, 0x66, 0x26, 0xd3, + 0x5f, 0x2e, 0x1d, 0x47, 0xac, 0x49, 0x93, 0x2d, 0x1f, 0xa0, 0xa7, 0x5a, 0xb6, 0x3d, 0xc1, 0x79, + 0xee, 0xf6, 0x9f, 0x58, 0x60, 0xaa, 0xd1, 0xc1, 0x2c, 0x40, 0xe3, 0x2a, 0xdb, 0xd2, 0x3e, 0x57, + 0xd9, 0x4a, 0x63, 0xb1, 0x3c, 0xd8, 0xe6, 0xa4, 0x72, 0x80, 0xcd, 0x49, 0xb5, 0xaf, 0x75, 0xf9, + 0x04, 0x94, 0x3b, 0x5e, 0x53, 0xec, 0x2f, 0xf4, 0xe9, 0xeb, 0xfc, 0x2c, 0xa6, 0xed, 0xf6, 0x3f, + 0xaa, 0x6a, 0xbf, 0x85, 0xc8, 0x8b, 0xfa, 0xbe, 0x78, 0xed, 0x75, 0x55, 0x62, 0x88, 0xbf, 0xf9, + 0xf5, 0xae, 0x12, 0x43, 0x3f, 0x72, 0xf0, 0xb4, 0x37, 0xde, 0x41, 0xfd, 0x2a, 0x0c, 0x0d, 0xef, + 0x93, 0xf3, 0x76, 0x1b, 0x6a, 0x74, 0x0b, 0xc6, 0x1c, 0x90, 0xb5, 0x8c, 0x50, 0xb5, 0x2b, 0xa2, + 0xfd, 0xee, 0xee, 0xc4, 0x0f, 0x1f, 0x5c, 0x2c, 0xf9, 0x34, 0x56, 0xf4, 0x51, 0x02, 0x75, 0xfa, + 0x9b, 0xa5, 0xe7, 0x89, 0xcd, 0xdd, 0x0d, 0xa5, 0x33, 0x25, 0xa0, 0x90, 0xdc, 0x3f, 0xcd, 0x07, + 0x05, 0x50, 0x67, 0x77, 0x50, 0x32, 0xa6, 0x7c, 0x0f, 0xb8, 0xac, 0x92, 0xe4, 0x24, 0xe0, 0xee, + 0xee, 0xc4, 0xcb, 0x07, 0x67, 0xaa, 0x1e, 0xc7, 0x9a, 0x85, 0xfd, 0xe5, 0x8a, 0x1e, 0xbb, 0xa2, + 0xb2, 0xd4, 0xf7, 0xc5, 0xd8, 0x7d, 0x29, 0x37, 0x76, 0x2f, 0x74, 0x8d, 0xdd, 0x93, 0xfa, 0xae, + 0xc4, 0xcc, 0x68, 0xbc, 0xdf, 0x86, 0xc0, 0xfe, 0xfe, 0x06, 0x66, 0x01, 0xbd, 0xd1, 0xf1, 0x62, + 0x92, 0x2c, 0xc7, 0x9d, 0xc0, 0x0b, 0x5a, 0xe2, 0x0e, 0x7c, 0xc3, 0x02, 0xca, 0x80, 0x71, 0x1e, + 0x9f, 0xdd, 0x9f, 0xbf, 0x13, 0xb8, 0xb7, 0x9c, 0x2d, 0x3e, 0xaa, 0x8c, 0x62, 0x3b, 0x2b, 0xa2, + 0x1d, 0x2b, 0x0c, 0xfb, 0x2d, 0x76, 0x96, 0x6d, 0xe4, 0x05, 0xd3, 0x31, 0xe1, 0xb3, 0x4b, 0x3f, + 0x79, 0xa5, 0x1e, 0x35, 0x26, 0xf8, 0x4d, 0x9f, 0x1c, 0x86, 0xee, 0xc0, 0xf0, 0x1a, 0xbf, 0xf5, + 0xaa, 0x98, 0xaa, 0xc4, 0xe2, 0x0a, 0x2d, 0x76, 0xb7, 0x81, 0xbc, 0x4f, 0xeb, 0xae, 0xfe, 0x89, + 0x25, 0x37, 0xfb, 0x9b, 0x15, 0x38, 0x95, 0xbb, 0x16, 0x32, 0x53, 0x23, 0xb1, 0xb4, 0x6f, 0x8d, + 0xc4, 0x8f, 0x00, 0x34, 0x49, 0xe4, 0x87, 0x3b, 0xcc, 0x1c, 0xab, 0x1c, 0xd8, 0x1c, 0x53, 0x16, + 0xfc, 0xac, 0xa2, 0x82, 0x0d, 0x8a, 0xa2, 0x3c, 0x11, 0x2f, 0xb9, 0x98, 0x2b, 0x4f, 0x64, 0xd4, + 0x2e, 0x1f, 0xba, 0xbf, 0xb5, 0xcb, 0x3d, 0x38, 0xc5, 0x45, 0x54, 0xd9, 0xb7, 0x87, 0x48, 0xb2, + 0x65, 0xf9, 0x0b, 0xb3, 0x59, 0x32, 0x38, 0x4f, 0xf7, 0x41, 0xde, 0xfa, 0x8a, 0xde, 0x03, 0x75, + 0xf9, 0x9d, 0x93, 0xf1, 0xba, 0xae, 0x60, 0x20, 0x87, 0x01, 0xbb, 0x8d, 0x55, 0xfc, 0xb4, 0xbf, + 0x50, 0xa2, 0xd6, 0x33, 0xff, 0xa7, 0x2a, 0xd1, 0x3c, 0x0d, 0x43, 0x4e, 0x27, 0xdd, 0x08, 0xbb, + 0x6e, 0xce, 0x9a, 0x66, 0xad, 0x58, 0x40, 0xd1, 0x02, 0x54, 0x9a, 0xba, 0xba, 0xc8, 0x41, 0x7a, + 0x51, 0x3b, 0x22, 0x9d, 0x94, 0x60, 0x46, 0x05, 0x3d, 0x0e, 0x95, 0xd4, 0x69, 0xc9, 0x44, 0x27, + 0x96, 0xdc, 0xba, 0xea, 0xb4, 0x12, 0xcc, 0x5a, 0xcd, 0x45, 0xb3, 0xb2, 0xcf, 0xa2, 0xf9, 0x32, + 0x9c, 0x48, 0xbc, 0x56, 0xe0, 0xa4, 0x9d, 0x98, 0x18, 0x87, 0x6b, 0x3a, 0x5e, 0xc2, 0x04, 0xe2, + 0x2c, 0xae, 0xfd, 0x9b, 0xa3, 0x70, 0x76, 0x65, 0x66, 0x51, 0x56, 0xca, 0x3d, 0xb6, 0x5c, 0xa5, + 0x5e, 0x3c, 0xee, 0x5f, 0xae, 0x52, 0x1f, 0xee, 0xbe, 0x91, 0xab, 0xe4, 0x1b, 0xb9, 0x4a, 0xd9, + 0xc4, 0x91, 0x72, 0x11, 0x89, 0x23, 0xbd, 0x24, 0x18, 0x24, 0x71, 0xe4, 0xd8, 0x92, 0x97, 0xee, + 0x29, 0xd0, 0x81, 0x92, 0x97, 0x54, 0x66, 0x57, 0x21, 0x21, 0xfd, 0x7d, 0x3e, 0x55, 0xcf, 0xcc, + 0x2e, 0x95, 0x55, 0xc3, 0xd3, 0x55, 0x84, 0x82, 0x7d, 0xad, 0x78, 0x01, 0x06, 0xc8, 0xaa, 0x11, + 0x19, 0x33, 0x66, 0x26, 0xd7, 0x70, 0x11, 0x99, 0x5c, 0xbd, 0xc4, 0xd9, 0x37, 0x93, 0xeb, 0x65, + 0x38, 0xe1, 0xfa, 0x61, 0x40, 0x96, 0xe3, 0x30, 0x0d, 0xdd, 0xd0, 0x17, 0xc6, 0xb4, 0x52, 0x09, + 0x33, 0x26, 0x10, 0x67, 0x71, 0xfb, 0xa5, 0x81, 0xd5, 0x8f, 0x9a, 0x06, 0x06, 0x0f, 0x28, 0x0d, + 0xec, 0x67, 0x75, 0xc2, 0xf2, 0x08, 0xfb, 0x22, 0x1f, 0x29, 0xfe, 0x8b, 0x0c, 0x92, 0xb5, 0x8c, + 0xbe, 0xca, 0xaf, 0xae, 0xa2, 0xe6, 0xe8, 0x4c, 0xd8, 0xa6, 0xe6, 0xd6, 0x28, 0xeb, 0x92, 0xd7, + 0x8f, 0x61, 0xc0, 0xde, 0x5a, 0xd1, 0x6c, 0xd4, 0x75, 0x56, 0xba, 0x09, 0x67, 0x05, 0x39, 0x4a, + 0x42, 0xf5, 0xd7, 0x4a, 0xf0, 0x03, 0xfb, 0x8a, 0x80, 0xee, 0x00, 0xa4, 0x4e, 0x4b, 0x0c, 0x54, + 0x71, 0x4c, 0x71, 0xc4, 0xa0, 0xc6, 0x55, 0x49, 0x8f, 0x57, 0x02, 0x51, 0x7f, 0xd9, 0x01, 0x80, + 0xfc, 0xcd, 0x62, 0x19, 0x43, 0xbf, 0xab, 0xea, 0x21, 0x0e, 0x7d, 0x82, 0x19, 0x84, 0x2e, 0xff, + 0x31, 0x69, 0xe9, 0xbb, 0x56, 0xd5, 0xe7, 0xc3, 0xac, 0x15, 0x0b, 0x28, 0x7a, 0x11, 0x46, 0x1c, + 0xdf, 0xe7, 0x59, 0x29, 0x24, 0x11, 0x77, 0x57, 0xe8, 0xca, 0x6d, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, + 0x8f, 0x4b, 0x30, 0xb1, 0x8f, 0x4e, 0xe9, 0xca, 0xb3, 0xab, 0x0e, 0x9c, 0x67, 0x27, 0x32, 0x03, + 0x86, 0xfa, 0x64, 0x06, 0xbc, 0x08, 0x23, 0x29, 0x71, 0xda, 0x22, 0x0c, 0x4a, 0xec, 0xbf, 0xf5, + 0xb9, 0xab, 0x06, 0x61, 0x13, 0x8f, 0x6a, 0xb1, 0x93, 0x8e, 0xeb, 0x92, 0x24, 0x91, 0xa1, 0xff, + 0xc2, 0x87, 0x59, 0x58, 0x5e, 0x01, 0x73, 0x0d, 0x4f, 0x67, 0x58, 0xe0, 0x1c, 0xcb, 0x7c, 0x87, + 0xd7, 0x07, 0xec, 0xf0, 0x6f, 0x94, 0xe0, 0x89, 0x7b, 0xae, 0x6e, 0x03, 0x67, 0x65, 0x74, 0x12, + 0x12, 0xe7, 0x07, 0xce, 0x8d, 0x84, 0xc4, 0x98, 0x41, 0x78, 0x2f, 0x45, 0x91, 0x71, 0x97, 0x6d, + 0xd1, 0x29, 0x43, 0xbc, 0x97, 0x32, 0x2c, 0x70, 0x8e, 0xe5, 0x61, 0x87, 0xe5, 0xdf, 0x29, 0xc1, + 0x53, 0x03, 0xd8, 0x00, 0x05, 0xa6, 0x56, 0x65, 0x13, 0xdc, 0xca, 0x0f, 0x28, 0x0f, 0xf1, 0x90, + 0xdd, 0xf5, 0x56, 0x09, 0xce, 0xf7, 0x5f, 0x8a, 0xd1, 0x8f, 0xd2, 0x3d, 0xbc, 0x8c, 0x7d, 0x32, + 0x73, 0xe3, 0xce, 0xf0, 0xfd, 0x7b, 0x06, 0x84, 0xf3, 0xb8, 0x68, 0x12, 0x20, 0x72, 0xd2, 0x8d, + 0xe4, 0xd2, 0xb6, 0x97, 0xa4, 0xa2, 0xf6, 0xcb, 0x49, 0x7e, 0x62, 0x24, 0x5b, 0xb1, 0x81, 0x41, + 0xd9, 0xb1, 0x7f, 0xb3, 0xe1, 0xf5, 0x30, 0xe5, 0x0f, 0xf1, 0x6d, 0xc4, 0x19, 0x59, 0x1f, 0xdf, + 0x00, 0xe1, 0x3c, 0x2e, 0x65, 0xc7, 0xce, 0x24, 0xb9, 0xa0, 0x7c, 0x7f, 0xc1, 0xd8, 0x2d, 0xa8, + 0x56, 0x6c, 0x60, 0xe4, 0xb3, 0xfe, 0xaa, 0xfb, 0x67, 0xfd, 0xd9, 0xff, 0xb0, 0x04, 0x8f, 0xf5, + 0x35, 0xe5, 0x06, 0x9b, 0x80, 0x0f, 0x5f, 0xa6, 0xde, 0xe1, 0xc6, 0xce, 0x01, 0x33, 0xca, 0xfe, + 0xb0, 0xcf, 0x48, 0x13, 0x19, 0x65, 0x87, 0x4f, 0xc9, 0x7e, 0xf8, 0xfa, 0xb3, 0x2b, 0x89, 0xac, + 0x72, 0x80, 0x24, 0xb2, 0xdc, 0xc7, 0xa8, 0x0e, 0x38, 0x91, 0xff, 0x6f, 0xff, 0xee, 0xa5, 0x5b, + 0xbf, 0x81, 0xbc, 0xa3, 0xb3, 0x70, 0xda, 0x0b, 0xd8, 0x5d, 0x29, 0x2b, 0x9d, 0x35, 0x51, 0x0e, + 0xa4, 0x94, 0xbd, 0xa9, 0x78, 0x3e, 0x07, 0xc7, 0x5d, 0x4f, 0x3c, 0x84, 0x49, 0x7d, 0x87, 0xeb, + 0xd2, 0x03, 0xa6, 0x95, 0x7e, 0x04, 0xea, 0x4a, 0x12, 0x1e, 0xd6, 0xac, 0x3e, 0x7f, 0x57, 0x58, + 0xb3, 0xfa, 0xf6, 0x06, 0x16, 0xed, 0x37, 0x6a, 0x9c, 0xe6, 0xc6, 0xf1, 0x35, 0xb2, 0xc3, 0x2c, + 0x55, 0xfb, 0xbd, 0x30, 0xaa, 0x3c, 0x1e, 0x83, 0x5e, 0x9f, 0x61, 0x7f, 0x79, 0x08, 0x4e, 0x64, + 0x8a, 0xe3, 0x65, 0x1c, 0x8c, 0xd6, 0xbe, 0x0e, 0x46, 0x16, 0xa6, 0xde, 0x09, 0xe4, 0xdd, 0x3a, + 0x46, 0x98, 0x7a, 0x27, 0x20, 0x98, 0xc3, 0xa8, 0xa1, 0xd9, 0x8c, 0x77, 0x70, 0x27, 0x10, 0xe1, + 0xa4, 0xca, 0xd0, 0x9c, 0x65, 0xad, 0x58, 0x40, 0xd1, 0x27, 0x2d, 0x18, 0x4d, 0x98, 0xf7, 0x9a, + 0xbb, 0x67, 0xc5, 0xe7, 0xbf, 0x7a, 0xf4, 0xda, 0x7f, 0xaa, 0x10, 0x24, 0x8b, 0x10, 0x31, 0x5b, + 0x70, 0x86, 0x23, 0xfa, 0x69, 0x0b, 0xea, 0xea, 0x0a, 0x00, 0x71, 0x01, 0xd6, 0x4a, 0xb1, 0xb5, + 0x07, 0xb9, 0x5f, 0x4f, 0x1d, 0x04, 0xe8, 0x3b, 0xbd, 0x35, 0x63, 0x94, 0x28, 0xdf, 0xe9, 0xf0, + 0xf1, 0xf8, 0x4e, 0xa1, 0x87, 0xdf, 0xf4, 0x3d, 0x50, 0x6f, 0x3b, 0x81, 0xb7, 0x4e, 0x92, 0x94, + 0xbb, 0x33, 0x65, 0x49, 0x54, 0xd9, 0x88, 0x35, 0x9c, 0x2e, 0x8d, 0x09, 0x7b, 0xb1, 0xd4, 0xf0, + 0x3f, 0xb2, 0xa5, 0x71, 0x45, 0x37, 0x63, 0x13, 0xc7, 0x74, 0x96, 0xc2, 0x03, 0x75, 0x96, 0x8e, + 0xec, 0xe3, 0x2c, 0xfd, 0x7b, 0x16, 0x9c, 0xeb, 0xf9, 0xd5, 0x1e, 0xde, 0xc0, 0x3f, 0xfb, 0x2b, + 0x55, 0x38, 0xd3, 0xa3, 0xca, 0x25, 0xda, 0x31, 0xc7, 0xb3, 0x55, 0xc4, 0x19, 0x7a, 0xf6, 0x48, + 0x58, 0x76, 0x63, 0x8f, 0x41, 0x7c, 0xb0, 0xa3, 0x0a, 0x7d, 0x5c, 0x50, 0xbe, 0xbf, 0xc7, 0x05, + 0xc6, 0xb0, 0xac, 0x3c, 0xd0, 0x61, 0x59, 0xbd, 0xf7, 0xb0, 0x44, 0xbf, 0x66, 0xc1, 0x78, 0xbb, + 0x4f, 0x69, 0x75, 0xe1, 0x02, 0xbc, 0x79, 0x3c, 0x85, 0xdb, 0x1b, 0x8f, 0xef, 0xed, 0x4e, 0xf4, + 0xad, 0x68, 0x8f, 0xfb, 0x4a, 0x65, 0x7f, 0xa7, 0x0c, 0xac, 0xc4, 0x2a, 0xab, 0x64, 0xb6, 0x83, + 0x3e, 0x61, 0x16, 0xcb, 0xb5, 0x8a, 0x2a, 0xec, 0xca, 0x89, 0xab, 0x62, 0xbb, 0xbc, 0x07, 0x7b, + 0xd5, 0xde, 0xcd, 0x2b, 0xad, 0xd2, 0x00, 0x4a, 0xcb, 0x97, 0x55, 0x89, 0xcb, 0xc5, 0x57, 0x25, + 0xae, 0xe7, 0x2b, 0x12, 0xdf, 0xfb, 0x13, 0x57, 0x1e, 0xca, 0x4f, 0xfc, 0xd7, 0x2c, 0xae, 0x78, + 0x72, 0x5f, 0x41, 0x5b, 0x06, 0xd6, 0x3d, 0x2c, 0x83, 0x67, 0xd9, 0xed, 0xec, 0xeb, 0x57, 0x88, + 0xe3, 0x0b, 0x0b, 0xc2, 0xbc, 0x68, 0x9d, 0xb5, 0x63, 0x85, 0xc1, 0x2e, 0x2b, 0xf4, 0xfd, 0xf0, + 0xce, 0xa5, 0x76, 0x94, 0xee, 0x08, 0x5b, 0x42, 0x5f, 0x56, 0xa8, 0x20, 0xd8, 0xc0, 0xb2, 0xff, + 0x7a, 0x89, 0x8f, 0x40, 0x11, 0x04, 0xf0, 0x52, 0xee, 0x7a, 0xa9, 0xc1, 0xcf, 0xcf, 0x3f, 0x06, + 0xe0, 0xaa, 0x8b, 0x99, 0xc5, 0xe9, 0xcc, 0x95, 0x23, 0xdf, 0x1a, 0x2b, 0xe8, 0xe9, 0xd7, 0xd0, + 0x6d, 0xd8, 0xe0, 0x97, 0xd1, 0xa5, 0xe5, 0x7d, 0x75, 0x69, 0x46, 0xad, 0x54, 0xf6, 0x59, 0xed, + 0xfe, 0xd8, 0x82, 0x8c, 0x45, 0x84, 0x22, 0xa8, 0x52, 0x71, 0x77, 0x8a, 0xb9, 0x73, 0xda, 0x24, + 0x4d, 0x55, 0xa3, 0x18, 0xf6, 0xec, 0x27, 0xe6, 0x8c, 0x90, 0x2f, 0x62, 0x05, 0x4a, 0x45, 0xdc, + 0x8b, 0x6e, 0x32, 0xbc, 0x12, 0x86, 0x9b, 0xfc, 0x88, 0x51, 0xc7, 0x1d, 0xd8, 0x2f, 0xc1, 0x58, + 0x97, 0x50, 0xec, 0x26, 0x99, 0x50, 0x5e, 0xb4, 0x6d, 0x0c, 0x57, 0x96, 0xc0, 0x88, 0x39, 0xcc, + 0x7e, 0xcb, 0x82, 0xd3, 0x79, 0xf2, 0xe8, 0xab, 0x16, 0x8c, 0x25, 0x79, 0x7a, 0xc7, 0xd5, 0x77, + 0x2a, 0xde, 0xaf, 0x0b, 0x84, 0xbb, 0x85, 0xb0, 0xff, 0x8f, 0x18, 0xfc, 0xb7, 0xbc, 0xa0, 0x19, + 0xde, 0x51, 0x86, 0x89, 0xd5, 0xd7, 0x30, 0xa1, 0xf3, 0xd1, 0xdd, 0x20, 0xcd, 0x8e, 0xdf, 0x95, + 0x39, 0xb9, 0x22, 0xda, 0xb1, 0xc2, 0x60, 0x89, 0x62, 0x1d, 0x51, 0xb6, 0x3c, 0x37, 0x28, 0x67, + 0x45, 0x3b, 0x56, 0x18, 0xe8, 0x05, 0x18, 0x35, 0x2f, 0x93, 0x17, 0xe3, 0x92, 0x19, 0xe4, 0xe6, + 0xbd, 0xf3, 0x38, 0x83, 0x85, 0x26, 0x01, 0x94, 0x91, 0x23, 0x97, 0x48, 0xe6, 0xb2, 0x51, 0x9a, + 0x28, 0xc1, 0x06, 0x06, 0x4b, 0xcb, 0xe4, 0x37, 0xb6, 0xcb, 0xa8, 0x58, 0x9e, 0x96, 0x29, 0xda, + 0xb0, 0x82, 0x52, 0x6d, 0xd2, 0x76, 0x82, 0x8e, 0xe3, 0xd3, 0x1e, 0x12, 0xb9, 0xe4, 0x6a, 0x1a, + 0x2e, 0x2a, 0x08, 0x36, 0xb0, 0xe8, 0x1b, 0xa7, 0x5e, 0x9b, 0xbc, 0x1a, 0x06, 0x32, 0x4e, 0x4b, + 0x1f, 0xc0, 0x88, 0x76, 0xac, 0x30, 0xec, 0xff, 0x6c, 0xc1, 0x29, 0x9d, 0xe4, 0xcd, 0xef, 0x8c, + 0x35, 0xf7, 0x8c, 0xd6, 0xbe, 0xf9, 0xeb, 0xd9, 0xec, 0xd7, 0xd2, 0x40, 0xd9, 0xaf, 0x66, 0x62, + 0x6a, 0xf9, 0x9e, 0x89, 0xa9, 0x3f, 0xa8, 0xef, 0x23, 0xe4, 0x19, 0xac, 0x23, 0xbd, 0xee, 0x22, + 0x44, 0x36, 0x0c, 0xb9, 0x8e, 0xaa, 0x70, 0x32, 0xca, 0xf7, 0x0e, 0x33, 0xd3, 0x0c, 0x49, 0x40, + 0xec, 0x25, 0xa8, 0xab, 0x73, 0x08, 0xb9, 0x51, 0xb5, 0x7a, 0x6f, 0x54, 0x07, 0x4a, 0x90, 0x6b, + 0xac, 0x7d, 0xf3, 0xbb, 0x4f, 0xbe, 0xe3, 0x77, 0xbf, 0xfb, 0xe4, 0x3b, 0xfe, 0xe0, 0xbb, 0x4f, + 0xbe, 0xe3, 0x93, 0x7b, 0x4f, 0x5a, 0xdf, 0xdc, 0x7b, 0xd2, 0xfa, 0xdd, 0xbd, 0x27, 0xad, 0x3f, + 0xd8, 0x7b, 0xd2, 0xfa, 0xce, 0xde, 0x93, 0xd6, 0x97, 0xfe, 0xc3, 0x93, 0xef, 0x78, 0xb5, 0x67, + 0xa0, 0x1e, 0xfd, 0xf1, 0x9c, 0xdb, 0x9c, 0xda, 0xba, 0xc8, 0x62, 0xc5, 0xe8, 0xf4, 0x9a, 0x32, + 0xc6, 0xd4, 0x94, 0x9c, 0x5e, 0xff, 0x3f, 0x00, 0x00, 0xff, 0xff, 0xc3, 0xee, 0x24, 0x07, 0x84, + 0xd9, 0x00, 0x00, } func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) { @@ -11446,6 +11449,16 @@ func (m *ResourceAction) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + i -= len(m.DisplayName) + copy(dAtA[i:], m.DisplayName) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.DisplayName))) + i-- + dAtA[i] = 0x2a + i -= len(m.IconClass) + copy(dAtA[i:], m.IconClass) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.IconClass))) + i-- + dAtA[i] = 0x22 i-- if m.Disabled { dAtA[i] = 1 @@ -16260,6 +16273,10 @@ func (m *ResourceAction) Size() (n int) { } } n += 2 + l = len(m.IconClass) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.DisplayName) + n += 1 + l + sovGenerated(uint64(l)) return n } @@ -19007,6 +19024,8 @@ func (this *ResourceAction) String() string { `Name:` + fmt.Sprintf("%v", this.Name) + `,`, `Params:` + repeatedStringForParams + `,`, `Disabled:` + fmt.Sprintf("%v", this.Disabled) + `,`, + `IconClass:` + fmt.Sprintf("%v", this.IconClass) + `,`, + `DisplayName:` + fmt.Sprintf("%v", this.DisplayName) + `,`, `}`, }, "") return s @@ -40596,6 +40615,70 @@ func (m *ResourceAction) Unmarshal(dAtA []byte) error { } } m.Disabled = bool(v != 0) + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field IconClass", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.IconClass = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DisplayName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DisplayName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index 67fcf772d731b..ee76a7585f99c 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -1594,6 +1594,10 @@ message ResourceAction { repeated ResourceActionParam params = 2; optional bool disabled = 3; + + optional string iconClass = 4; + + optional string displayName = 5; } // TODO: describe this type diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go index d96f744fbe65f..3caf488c4b5e5 100644 --- a/pkg/apis/application/v1alpha1/openapi_generated.go +++ b/pkg/apis/application/v1alpha1/openapi_generated.go @@ -5514,6 +5514,18 @@ func schema_pkg_apis_application_v1alpha1_ResourceAction(ref common.ReferenceCal Format: "", }, }, + "iconClass": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + "displayName": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, }, }, }, diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index cae6b16052174..5c35bd24cec52 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -16,7 +16,6 @@ import ( "time" "unicode" - "github.com/argoproj/argo-cd/v2/util/env" "github.com/argoproj/gitops-engine/pkg/health" synccommon "github.com/argoproj/gitops-engine/pkg/sync/common" "github.com/robfig/cron/v3" @@ -36,6 +35,8 @@ import ( "k8s.io/client-go/tools/clientcmd/api" "sigs.k8s.io/yaml" + "github.com/argoproj/argo-cd/v2/util/env" + "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/util/collections" "github.com/argoproj/argo-cd/v2/util/helm" @@ -1942,9 +1943,11 @@ type ResourceActionDefinition struct { // TODO: describe this type // TODO: describe members of this type type ResourceAction struct { - Name string `json:"name,omitempty" protobuf:"bytes,1,opt,name=name"` - Params []ResourceActionParam `json:"params,omitempty" protobuf:"bytes,2,rep,name=params"` - Disabled bool `json:"disabled,omitempty" protobuf:"varint,3,opt,name=disabled"` + Name string `json:"name,omitempty" protobuf:"bytes,1,opt,name=name"` + Params []ResourceActionParam `json:"params,omitempty" protobuf:"bytes,2,rep,name=params"` + Disabled bool `json:"disabled,omitempty" protobuf:"varint,3,opt,name=disabled"` + IconClass string `json:"iconClass,omitempty" protobuf:"bytes,4,opt,name=iconClass"` + DisplayName string `json:"displayName,omitempty" protobuf:"bytes,5,opt,name=displayName"` } // TODO: describe this type diff --git a/resource_customizations/argoproj.io/CronWorkflow/actions/discovery.lua b/resource_customizations/argoproj.io/CronWorkflow/actions/discovery.lua index 5e16c6c1c14d8..717386b29a691 100644 --- a/resource_customizations/argoproj.io/CronWorkflow/actions/discovery.lua +++ b/resource_customizations/argoproj.io/CronWorkflow/actions/discovery.lua @@ -1,3 +1,6 @@ actions = {} -actions["create-workflow"] = {} +actions["create-workflow"] = { + ["iconClass"] = "fa fa-fw fa-play", + ["displayName"] = "Create Workflow" +} return actions \ No newline at end of file diff --git a/resource_customizations/argoproj.io/WorkflowTemplate/actions/discovery.lua b/resource_customizations/argoproj.io/WorkflowTemplate/actions/discovery.lua index 5e16c6c1c14d8..717386b29a691 100644 --- a/resource_customizations/argoproj.io/WorkflowTemplate/actions/discovery.lua +++ b/resource_customizations/argoproj.io/WorkflowTemplate/actions/discovery.lua @@ -1,3 +1,6 @@ actions = {} -actions["create-workflow"] = {} +actions["create-workflow"] = { + ["iconClass"] = "fa fa-fw fa-play", + ["displayName"] = "Create Workflow" +} return actions \ No newline at end of file diff --git a/resource_customizations/batch/CronJob/actions/discovery.lua b/resource_customizations/batch/CronJob/actions/discovery.lua index f90293c1aa671..a8b0950181456 100644 --- a/resource_customizations/batch/CronJob/actions/discovery.lua +++ b/resource_customizations/batch/CronJob/actions/discovery.lua @@ -1,3 +1,6 @@ actions = {} -actions["create-job"] = {} +actions["create-job"] = { + ["iconClass"] = "fa fa-fw fa-play", + ["displayName"] = "Create Job" +} return actions \ No newline at end of file diff --git a/ui/src/app/applications/components/utils.tsx b/ui/src/app/applications/components/utils.tsx index d096658bb7d8f..0df581ca0f291 100644 --- a/ui/src/app/applications/components/utils.tsx +++ b/ui/src/app/applications/components/utils.tsx @@ -402,8 +402,9 @@ function getResourceActionsMenuItems(resource: ResourceTreeNode, metadata: model return actions.map( action => ({ - title: action.name, + title: action.displayName ?? action.name, disabled: !!action.disabled, + iconClassName: action.iconClass, action: async () => { try { const confirmed = await apis.popup.confirm(`Execute '${action.name}' action?`, `Are you sure you want to execute '${action.name}' action?`); @@ -436,14 +437,14 @@ function getActionItems( ...((isRoot && [ { title: 'Sync', - iconClassName: 'fa fa-sync', + iconClassName: 'fa fa-fw fa-sync', action: () => showDeploy(nodeKey(resource), null, apis) } ]) || []), { title: 'Delete', - iconClassName: 'fa fa-times-circle', + iconClassName: 'fa fa-fw fa-times-circle', action: async () => { return deletePopup(apis, resource, application, appChanged); } @@ -452,7 +453,7 @@ function getActionItems( if (!isQuickStart) { items.unshift({ title: 'Details', - iconClassName: 'fa fa-info-circle', + iconClassName: 'fa fa-fw fa-info-circle', action: () => apis.navigation.goto('.', {node: nodeKey(resource)}) }); } @@ -460,7 +461,7 @@ function getActionItems( if (findChildPod(resource, tree)) { items.push({ title: 'Logs', - iconClassName: 'fa fa-align-left', + iconClassName: 'fa fa-fw fa-align-left', action: () => apis.navigation.goto('.', {node: nodeKey(resource), tab: 'logs'}, {replace: true}) }); } @@ -477,7 +478,7 @@ function getActionItems( return [ { title: 'Exec', - iconClassName: 'fa fa-terminal', + iconClassName: 'fa fa-fw fa-terminal', action: async () => apis.navigation.goto('.', {node: nodeKey(resource), tab: 'exec'}, {replace: true}) } as MenuItem ]; @@ -495,7 +496,7 @@ function getActionItems( link => ({ title: link.title, - iconClassName: `fa ${link.iconClass ? link.iconClass : 'fa-external-link'}`, + iconClassName: `fa fa-fw ${link.iconClass ? link.iconClass : 'fa-external-link'}`, action: () => window.open(link.url, '_blank'), tooltip: link.description } as MenuItem) diff --git a/ui/src/app/shared/models.ts b/ui/src/app/shared/models.ts index 7604e4c39bd1e..ef0d47331c403 100644 --- a/ui/src/app/shared/models.ts +++ b/ui/src/app/shared/models.ts @@ -772,6 +772,8 @@ export interface ResourceAction { name: string; params: ResourceActionParam[]; disabled: boolean; + iconClass: string; + displayName: string; } export interface SyncWindowsState { From 5795ba739d258fc788bf9645fdc8aa427d8a1ee9 Mon Sep 17 00:00:00 2001 From: Alex Collins Date: Mon, 31 Jul 2023 16:24:59 -0700 Subject: [PATCH 068/105] fix: Correct broken `forever` option in pod logs viewer. Fixes #14762 (#14763) Signed-off-by: Alex Collins --- .../pod-logs-viewer/since-seconds-selector.tsx | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/ui/src/app/applications/components/pod-logs-viewer/since-seconds-selector.tsx b/ui/src/app/applications/components/pod-logs-viewer/since-seconds-selector.tsx index e5c02ee031f80..0d322afc71ba5 100644 --- a/ui/src/app/applications/components/pod-logs-viewer/since-seconds-selector.tsx +++ b/ui/src/app/applications/components/pod-logs-viewer/since-seconds-selector.tsx @@ -4,7 +4,14 @@ import {Tooltip} from 'argo-ui'; // SinceSelector is a component that renders a dropdown menu of time ranges export const SinceSecondsSelector = ({sinceSeconds, setSinceSeconds}: {sinceSeconds: number; setSinceSeconds: (value: number) => void}) => ( - { + const v = parseInt(e.target.value, 10); + setSinceSeconds(!isNaN(v) ? v : null); + }}> From f099aa70e46b82edc54410d6ed0cf6bc0a46171a Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Mon, 31 Jul 2023 19:26:00 -0400 Subject: [PATCH 069/105] docs: Update application.yaml (#14742) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- docs/operator-manual/application.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/operator-manual/application.yaml b/docs/operator-manual/application.yaml index 26baa8e9e1771..6eee4a2135652 100644 --- a/docs/operator-manual/application.yaml +++ b/docs/operator-manual/application.yaml @@ -188,6 +188,7 @@ spec: - CreateNamespace=true # Namespace Auto-Creation ensures that namespace specified as the application destination exists in the destination cluster. - PrunePropagationPolicy=foreground # Supported policies are background, foreground and orphan. - PruneLast=true # Allow the ability for resource pruning to happen as a final, implicit wave of a sync operation + - RespectIgnoreDifferences=true # When syncing changes, respect fields ignored by the ignoreDifferences configuration managedNamespaceMetadata: # Sets the metadata for the application namespace. Only valid if CreateNamespace=true (see above), otherwise it's a no-op. labels: # The labels to set on the application namespace any: label @@ -206,7 +207,7 @@ spec: maxDuration: 3m # the maximum amount of time allowed for the backoff strategy # Will ignore differences between live and desired states during the diff. Note that these configurations are not - # used during the sync process. + # used during the sync process unless the `RespectIgnoreDifferences=true` sync option is enabled. ignoreDifferences: # for the specified json pointers - group: apps From 49a395037ef5c3cc74d5fcec5c772ea036760a1f Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Mon, 31 Jul 2023 19:26:47 -0400 Subject: [PATCH 070/105] docs: add ignoreDifferences name and namespace fields (#14741) * Update application.yaml Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Update docs/operator-manual/application.yaml Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- docs/operator-manual/application.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/operator-manual/application.yaml b/docs/operator-manual/application.yaml index 6eee4a2135652..076e348f30801 100644 --- a/docs/operator-manual/application.yaml +++ b/docs/operator-manual/application.yaml @@ -219,6 +219,9 @@ spec: kind: "*" managedFieldsManagers: - kube-controller-manager + # Name and namespace are optional. If specified, they must match exactly, these are not glob patterns. + name: my-deployment + namespace: my-namespace # RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for # informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional From 0d99943b448c3ae2fdcc52e26d8df388be48e2ba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Jul 2023 20:16:00 -0400 Subject: [PATCH 071/105] chore(deps): bump library/node from 20.4.0 to 20.5.0 (#14664) Bumps library/node from 20.4.0 to 20.5.0. --- updated-dependencies: - dependency-name: library/node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index a35ad80d18dd5..90c411b22c403 100644 --- a/Dockerfile +++ b/Dockerfile @@ -83,7 +83,7 @@ WORKDIR /home/argocd #################################################################################################### # Argo CD UI stage #################################################################################################### -FROM --platform=$BUILDPLATFORM docker.io/library/node:20.4.0@sha256:b3ca7d32f0c12291df6e45a914d4ee60011a3fce4a978df5e609e356a4a2cb88 AS argocd-ui +FROM --platform=$BUILDPLATFORM docker.io/library/node:20.5.0@sha256:32ec50b65ac9572eda92baa6004a04dbbfc8021ea806fa62d37336183cad04e6 AS argocd-ui WORKDIR /src COPY ["ui/package.json", "ui/yarn.lock", "./"] From be1b1ea6455ba67cb1bf4b2c199018247ed6bcd7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Jul 2023 20:16:23 -0400 Subject: [PATCH 072/105] chore(deps): bump library/node from 20.4.0 to 20.5.0 in /ui-test (#14662) Bumps library/node from 20.4.0 to 20.5.0. --- updated-dependencies: - dependency-name: library/node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- ui-test/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui-test/Dockerfile b/ui-test/Dockerfile index 567917399b33b..9dae33e7255e1 100644 --- a/ui-test/Dockerfile +++ b/ui-test/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/library/node:20.4.0@sha256:b3ca7d32f0c12291df6e45a914d4ee60011a3fce4a978df5e609e356a4a2cb88 as node +FROM docker.io/library/node:20.5.0@sha256:32ec50b65ac9572eda92baa6004a04dbbfc8021ea806fa62d37336183cad04e6 as node RUN apt-get update && apt-get install --no-install-recommends -y \ software-properties-common From 72754d772610636af95c030bc0f7608633a80896 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Mon, 31 Jul 2023 20:19:37 -0400 Subject: [PATCH 073/105] docs: Update Controlling-Resource-Modification.md (#14751) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- .../applicationset/Controlling-Resource-Modification.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/docs/operator-manual/applicationset/Controlling-Resource-Modification.md b/docs/operator-manual/applicationset/Controlling-Resource-Modification.md index f43a9dbd359ba..b9c383cda404f 100644 --- a/docs/operator-manual/applicationset/Controlling-Resource-Modification.md +++ b/docs/operator-manual/applicationset/Controlling-Resource-Modification.md @@ -195,10 +195,6 @@ By default, the Argo CD notifications and the Argo CD refresh type annotations a Here is a list of commonly requested resource modification features which are not supported as of the current release. This lack of support is *not* necessarily by design; rather these behaviours are documented here to provide clear, concise descriptions of the current state of the feature. -### Limitation: Control resource modification on a per ApplicationSet basis - -There is currently no way to restrict modification/deletion of the Applications that are owned by an *individual* ApplicationSet. The global `--policy` parameters described above only allow targeting of *all* ApplicationSets (eg it is 'all or nothing'). - ### Limitation: No support for manual edits to individual Applications There is currently no way to allow modification of a single child Application of an ApplicationSet, for example, if you wanted to make manual edits to a single Application for debugging/testing purposes. From 4a7e6ec855a0b49831c5501446f91a78a20ba14f Mon Sep 17 00:00:00 2001 From: Hoang Quoc Trung Date: Tue, 1 Aug 2023 13:29:42 +0200 Subject: [PATCH 074/105] fix(notifications-catalog): Add nil check for notifications_catalog triggers (#14795) * Add nil check for notifications_catalog triggers Signed-off-by: Trung * Use correct nil check Signed-off-by: Trung * Add missing catalog generation to makefile Signed-off-by: Trung * Revert changes to update-manifests.sh Signed-off-by: Trung --------- Signed-off-by: Trung --- notifications_catalog/install.yaml | 7 ++++--- notifications_catalog/triggers/on-sync-failed.yaml | 2 +- notifications_catalog/triggers/on-sync-running.yaml | 2 +- notifications_catalog/triggers/on-sync-succeeded.yaml | 2 +- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/notifications_catalog/install.yaml b/notifications_catalog/install.yaml index d399dcf7a3fbd..e601615bac73f 100644 --- a/notifications_catalog/install.yaml +++ b/notifications_catalog/install.yaml @@ -513,12 +513,13 @@ data: - description: Application syncing has failed send: - app-sync-failed - when: app.status.operationState.phase in ['Error', 'Failed'] + when: app.status.operationState != nil and app.status.operationState.phase in ['Error', + 'Failed'] trigger.on-sync-running: | - description: Application is being synced send: - app-sync-running - when: app.status.operationState.phase in ['Running'] + when: app.status.operationState != nil and app.status.operationState.phase in ['Running'] trigger.on-sync-status-unknown: | - description: Application status is 'Unknown' send: @@ -528,7 +529,7 @@ data: - description: Application syncing has succeeded send: - app-sync-succeeded - when: app.status.operationState.phase in ['Succeeded'] + when: app.status.operationState != nil and app.status.operationState.phase in ['Succeeded'] kind: ConfigMap metadata: creationTimestamp: null diff --git a/notifications_catalog/triggers/on-sync-failed.yaml b/notifications_catalog/triggers/on-sync-failed.yaml index 888a007f39247..b19afc561b0d5 100644 --- a/notifications_catalog/triggers/on-sync-failed.yaml +++ b/notifications_catalog/triggers/on-sync-failed.yaml @@ -1,3 +1,3 @@ -- when: app.status.operationState.phase in ['Error', 'Failed'] +- when: app.status.operationState != nil and app.status.operationState.phase in ['Error', 'Failed'] description: Application syncing has failed send: [app-sync-failed] diff --git a/notifications_catalog/triggers/on-sync-running.yaml b/notifications_catalog/triggers/on-sync-running.yaml index 005d06177051e..8ed62c9bf9fe5 100644 --- a/notifications_catalog/triggers/on-sync-running.yaml +++ b/notifications_catalog/triggers/on-sync-running.yaml @@ -1,3 +1,3 @@ -- when: app.status.operationState.phase in ['Running'] +- when: app.status.operationState != nil and app.status.operationState.phase in ['Running'] description: Application is being synced send: [app-sync-running] diff --git a/notifications_catalog/triggers/on-sync-succeeded.yaml b/notifications_catalog/triggers/on-sync-succeeded.yaml index 9e1c9fef5af3b..c3eb0e1aead70 100644 --- a/notifications_catalog/triggers/on-sync-succeeded.yaml +++ b/notifications_catalog/triggers/on-sync-succeeded.yaml @@ -1,3 +1,3 @@ -- when: app.status.operationState.phase in ['Succeeded'] +- when: app.status.operationState != nil and app.status.operationState.phase in ['Succeeded'] description: Application syncing has succeeded send: [app-sync-succeeded] From ec34b3fe7bd85dff4d02bc4515354a6fb6f4d811 Mon Sep 17 00:00:00 2001 From: Alexander Matyushentsev Date: Tue, 1 Aug 2023 08:18:36 -0700 Subject: [PATCH 075/105] fix: ManagedResources API should not return diff for hooks (#14816) Signed-off-by: Alexander Matyushentsev --- server/application/application.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/application/application.go b/server/application/application.go index 66908fdae7096..fe9697dc77056 100644 --- a/server/application/application.go +++ b/server/application/application.go @@ -1486,7 +1486,7 @@ func (s *Server) ManagedResources(ctx context.Context, q *application.ResourcesQ res := &application.ManagedResourcesResponse{} for i := range items { item := items[i] - if isMatchingResource(q, kube.ResourceKey{Name: item.Name, Namespace: item.Namespace, Kind: item.Kind, Group: item.Group}) { + if !item.Hook && isMatchingResource(q, kube.ResourceKey{Name: item.Name, Namespace: item.Namespace, Kind: item.Kind, Group: item.Group}) { res.Items = append(res.Items, item) } } From 47066ea46ae0aaeb655995e47e59f21439f29890 Mon Sep 17 00:00:00 2001 From: JesseBot Date: Tue, 1 Aug 2023 19:54:53 +0200 Subject: [PATCH 076/105] docs: Change Generator docs for List Generator to note any key/value pairs can be used (#14825) This is no longer limited to cluster/url value pairs. Signed-off-by: JesseBot --- docs/operator-manual/applicationset/Generators.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/operator-manual/applicationset/Generators.md b/docs/operator-manual/applicationset/Generators.md index 4a2982c740aa7..78600c771fddd 100644 --- a/docs/operator-manual/applicationset/Generators.md +++ b/docs/operator-manual/applicationset/Generators.md @@ -6,7 +6,7 @@ Generators are primarily based on the data source that they use to generate the As of this writing there are nine generators: -- [List generator](Generators-List.md): The List generator allows you to target Argo CD Applications to clusters based on a fixed list of cluster name/URL values. +- [List generator](Generators-List.md): The List generator allows you to target Argo CD Applications to clusters based on a fixed list of any chosen key/value element pairs. - [Cluster generator](Generators-Cluster.md): The Cluster generator allows you to target Argo CD Applications to clusters, based on the list of clusters defined within (and managed by) Argo CD (which includes automatically responding to cluster addition/removal events from Argo CD). - [Git generator](Generators-Git.md): The Git generator allows you to create Applications based on files within a Git repository, or based on the directory structure of a Git repository. - [Matrix generator](Generators-Matrix.md): The Matrix generator may be used to combine the generated parameters of two separate generators. From 69a6c763b84acb3132db0a1ffb1984831fbe125c Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Tue, 1 Aug 2023 18:12:31 -0400 Subject: [PATCH 077/105] chore: improve app destination docstrings (#14836) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- assets/swagger.json | 8 +++---- manifests/core-install.yaml | 24 ++++++++++++------- manifests/crds/application-crd.yaml | 16 ++++++++----- manifests/crds/appproject-crd.yaml | 8 ++++--- manifests/ha/install.yaml | 24 ++++++++++++------- manifests/install.yaml | 24 ++++++++++++------- pkg/apis/application/v1alpha1/generated.proto | 4 ++-- .../application/v1alpha1/openapi_generated.go | 4 ++-- pkg/apis/application/v1alpha1/types.go | 4 ++-- server/extension/extension.go | 13 +++++----- 10 files changed, 77 insertions(+), 52 deletions(-) diff --git a/assets/swagger.json b/assets/swagger.json index 1c724f649504d..b45e3fd09623d 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -5852,16 +5852,16 @@ "title": "ApplicationDestination holds information about the application's destination", "properties": { "name": { - "type": "string", - "title": "Name is an alternate way of specifying the target cluster by its symbolic name" + "description": "Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set.", + "type": "string" }, "namespace": { "type": "string", "title": "Namespace specifies the target namespace for the application's resources.\nThe namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace" }, "server": { - "type": "string", - "title": "Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API" + "description": "Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set.", + "type": "string" } } }, diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 457eee57e50bb..57fd9c59e0096 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -787,7 +787,8 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name + cluster by its symbolic name. This must be set if Server is + not set. type: string namespace: description: Namespace specifies the target namespace for the @@ -795,8 +796,9 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster and - must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is not + set. type: string type: object ignoreDifferences: @@ -3794,7 +3796,8 @@ spec: properties: name: description: Name is an alternate way of specifying the - target cluster by its symbolic name + target cluster by its symbolic name. This must be set + if Server is not set. type: string namespace: description: Namespace specifies the target namespace @@ -3803,8 +3806,9 @@ spec: not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster - and must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name + is not set. type: string type: object ignoreDifferences: @@ -18155,7 +18159,8 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name + cluster by its symbolic name. This must be set if Server is + not set. type: string namespace: description: Namespace specifies the target namespace for the @@ -18163,8 +18168,9 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster - and must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is + not set. type: string type: object type: array diff --git a/manifests/crds/application-crd.yaml b/manifests/crds/application-crd.yaml index fc6282dd321bd..1248bd37b421b 100644 --- a/manifests/crds/application-crd.yaml +++ b/manifests/crds/application-crd.yaml @@ -786,7 +786,8 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name + cluster by its symbolic name. This must be set if Server is + not set. type: string namespace: description: Namespace specifies the target namespace for the @@ -794,8 +795,9 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster and - must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is not + set. type: string type: object ignoreDifferences: @@ -3793,7 +3795,8 @@ spec: properties: name: description: Name is an alternate way of specifying the - target cluster by its symbolic name + target cluster by its symbolic name. This must be set + if Server is not set. type: string namespace: description: Namespace specifies the target namespace @@ -3802,8 +3805,9 @@ spec: not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster - and must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name + is not set. type: string type: object ignoreDifferences: diff --git a/manifests/crds/appproject-crd.yaml b/manifests/crds/appproject-crd.yaml index 335decfc564df..989b3004892f6 100644 --- a/manifests/crds/appproject-crd.yaml +++ b/manifests/crds/appproject-crd.yaml @@ -88,7 +88,8 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name + cluster by its symbolic name. This must be set if Server is + not set. type: string namespace: description: Namespace specifies the target namespace for the @@ -96,8 +97,9 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster - and must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is + not set. type: string type: object type: array diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index 20a2c649b2756..32af12f520847 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -787,7 +787,8 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name + cluster by its symbolic name. This must be set if Server is + not set. type: string namespace: description: Namespace specifies the target namespace for the @@ -795,8 +796,9 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster and - must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is not + set. type: string type: object ignoreDifferences: @@ -3794,7 +3796,8 @@ spec: properties: name: description: Name is an alternate way of specifying the - target cluster by its symbolic name + target cluster by its symbolic name. This must be set + if Server is not set. type: string namespace: description: Namespace specifies the target namespace @@ -3803,8 +3806,9 @@ spec: not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster - and must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name + is not set. type: string type: object ignoreDifferences: @@ -18155,7 +18159,8 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name + cluster by its symbolic name. This must be set if Server is + not set. type: string namespace: description: Namespace specifies the target namespace for the @@ -18163,8 +18168,9 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster - and must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is + not set. type: string type: object type: array diff --git a/manifests/install.yaml b/manifests/install.yaml index 31bbd7d8d828c..5f07ae5ca4719 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -787,7 +787,8 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name + cluster by its symbolic name. This must be set if Server is + not set. type: string namespace: description: Namespace specifies the target namespace for the @@ -795,8 +796,9 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster and - must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is not + set. type: string type: object ignoreDifferences: @@ -3794,7 +3796,8 @@ spec: properties: name: description: Name is an alternate way of specifying the - target cluster by its symbolic name + target cluster by its symbolic name. This must be set + if Server is not set. type: string namespace: description: Namespace specifies the target namespace @@ -3803,8 +3806,9 @@ spec: not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster - and must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name + is not set. type: string type: object ignoreDifferences: @@ -18155,7 +18159,8 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name + cluster by its symbolic name. This must be set if Server is + not set. type: string namespace: description: Namespace specifies the target namespace for the @@ -18163,8 +18168,9 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster - and must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is + not set. type: string type: object type: array diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index ee76a7585f99c..7c85b0a729e7d 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -130,14 +130,14 @@ message ApplicationCondition { // ApplicationDestination holds information about the application's destination message ApplicationDestination { - // Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API + // Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set. optional string server = 1; // Namespace specifies the target namespace for the application's resources. // The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace optional string namespace = 2; - // Name is an alternate way of specifying the target cluster by its symbolic name + // Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set. optional string name = 3; } diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go index 3caf488c4b5e5..df5cd44622a5c 100644 --- a/pkg/apis/application/v1alpha1/openapi_generated.go +++ b/pkg/apis/application/v1alpha1/openapi_generated.go @@ -595,7 +595,7 @@ func schema_pkg_apis_application_v1alpha1_ApplicationDestination(ref common.Refe Properties: map[string]spec.Schema{ "server": { SchemaProps: spec.SchemaProps{ - Description: "Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API", + Description: "Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set.", Type: []string{"string"}, Format: "", }, @@ -609,7 +609,7 @@ func schema_pkg_apis_application_v1alpha1_ApplicationDestination(ref common.Refe }, "name": { SchemaProps: spec.SchemaProps{ - Description: "Name is an alternate way of specifying the target cluster by its symbolic name", + Description: "Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set.", Type: []string{"string"}, Format: "", }, diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index 5c35bd24cec52..4bf07fc2317da 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -860,12 +860,12 @@ func (c *ApplicationSourcePlugin) RemoveEnvEntry(key string) error { // ApplicationDestination holds information about the application's destination type ApplicationDestination struct { - // Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API + // Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set. Server string `json:"server,omitempty" protobuf:"bytes,1,opt,name=server"` // Namespace specifies the target namespace for the application's resources. // The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace Namespace string `json:"namespace,omitempty" protobuf:"bytes,2,opt,name=namespace"` - // Name is an alternate way of specifying the target cluster by its symbolic name + // Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set. Name string `json:"name,omitempty" protobuf:"bytes,3,opt,name=name"` // nolint:govet diff --git a/server/extension/extension.go b/server/extension/extension.go index 69944d69ad00a..270da5faa88ac 100644 --- a/server/extension/extension.go +++ b/server/extension/extension.go @@ -12,16 +12,17 @@ import ( "strings" "time" - v1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/gorilla/mux" + log "github.com/sirupsen/logrus" + "sigs.k8s.io/yaml" + + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" applisters "github.com/argoproj/argo-cd/v2/pkg/client/listers/application/v1alpha1" "github.com/argoproj/argo-cd/v2/server/rbacpolicy" "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/db" "github.com/argoproj/argo-cd/v2/util/security" "github.com/argoproj/argo-cd/v2/util/settings" - "github.com/gorilla/mux" - log "github.com/sirupsen/logrus" - "sigs.k8s.io/yaml" ) const ( @@ -140,10 +141,10 @@ type ServiceConfig struct { } type ClusterConfig struct { - // Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API + // Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set. Server string `json:"server"` - // Name is an alternate way of specifying the target cluster by its symbolic name + // Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set. Name string `json:"name"` } From 2ed089ace6cb44b5b7f9a456f7995db00d2bfe44 Mon Sep 17 00:00:00 2001 From: Michael Merrill Date: Tue, 1 Aug 2023 18:16:09 -0400 Subject: [PATCH 078/105] feat: Adding kubelogin capability to argocd-k8s-auth (#9460) (#10700) Signed-off-by: mmerrill3 Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- .../commands/argocd_k8s_auth.go | 1 + cmd/argocd-k8s-auth/commands/azure.go | 43 +++++++++ docs/operator-manual/declarative-setup.md | 96 +++++++++++++++++++ go.mod | 35 ++++--- go.sum | 79 ++++++++++++--- 5 files changed, 227 insertions(+), 27 deletions(-) create mode 100644 cmd/argocd-k8s-auth/commands/azure.go diff --git a/cmd/argocd-k8s-auth/commands/argocd_k8s_auth.go b/cmd/argocd-k8s-auth/commands/argocd_k8s_auth.go index 410364e6429df..ce0f3ee3a2f49 100644 --- a/cmd/argocd-k8s-auth/commands/argocd_k8s_auth.go +++ b/cmd/argocd-k8s-auth/commands/argocd_k8s_auth.go @@ -20,6 +20,7 @@ func NewCommand() *cobra.Command { command.AddCommand(newAWSCommand()) command.AddCommand(newGCPCommand()) + command.AddCommand(newAzureCommand()) return command } diff --git a/cmd/argocd-k8s-auth/commands/azure.go b/cmd/argocd-k8s-auth/commands/azure.go new file mode 100644 index 0000000000000..bc45bbacef48b --- /dev/null +++ b/cmd/argocd-k8s-auth/commands/azure.go @@ -0,0 +1,43 @@ +package commands + +import ( + "os" + + "github.com/Azure/kubelogin/pkg/token" + "github.com/spf13/cobra" + + "github.com/argoproj/argo-cd/v2/util/errors" +) + +var ( + envServerApplicationID = "AAD_SERVER_APPLICATION_ID" + envEnvironmentName = "AAD_ENVIRONMENT_NAME" +) + +const ( + DEFAULT_AAD_SERVER_APPLICATION_ID = "6dae42f8-4368-4678-94ff-3960e28e3630" +) + +func newAzureCommand() *cobra.Command { + o := token.NewOptions() + //we'll use default of WorkloadIdentityLogin for the login flow + o.LoginMethod = token.WorkloadIdentityLogin + o.ServerID = DEFAULT_AAD_SERVER_APPLICATION_ID + var command = &cobra.Command{ + Use: "azure", + Run: func(c *cobra.Command, args []string) { + o.UpdateFromEnv() + if v, ok := os.LookupEnv(envServerApplicationID); ok { + o.ServerID = v + } + if v, ok := os.LookupEnv(envEnvironmentName); ok { + o.Environment = v + } + plugin, err := token.New(&o) + errors.CheckError(err) + err = plugin.Do() + errors.CheckError(err) + }, + } + return command +} diff --git a/docs/operator-manual/declarative-setup.md b/docs/operator-manual/declarative-setup.md index a7b7bb28ce08c..4519bb2d1c6a2 100644 --- a/docs/operator-manual/declarative-setup.md +++ b/docs/operator-manual/declarative-setup.md @@ -602,6 +602,8 @@ stringData: } ``` +### EKS + EKS cluster secret example using argocd-k8s-auth and [IRSA](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html): ```yaml @@ -727,6 +729,7 @@ data: "rolearn": ":role/" "username": "" ``` +### GKE GKE cluster secret example using argocd-k8s-auth and [Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity): @@ -757,6 +760,99 @@ stringData: Note that you must enable Workload Identity on your GKE cluster, create GCP service account with appropriate IAM role and bind it to Kubernetes service account for argocd-application-controller and argocd-server (showing Pod logs on UI). See [Use Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) and [Authenticating to the Kubernetes API server](https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication). +### AKS + +Azure cluster secret example using argocd-k8s-auth and [kubelogin](https://github.com/Azure/kubelogin). The option *azure* to the argocd-k8s-auth execProviderConfig encapsulates the *get-token* command for kubelogin. Depending upon which authentication flow is desired (devicecode, spn, ropc, msi, azurecli, workloadidentity), set the environment variable AAD_LOGIN_METHOD with this value. Set other appropriate environment variables depending upon which authentication flow is desired. + +|Variable Name|Description| +|-------------|-----------| +|AAD_LOGIN_METHOD|One of devicecode, spn, ropc, msi, azurecli, or workloadidentity| +|AAD_SERVICE_PRINCIPAL_CLIENT_CERTIFICATE|AAD client cert in pfx. Used in spn login| +|AAD_SERVICE_PRINCIPAL_CLIENT_ID|AAD client application ID| +|AAD_SERVICE_PRINCIPAL_CLIENT_SECRET|AAD client application secret| +|AAD_USER_PRINCIPAL_NAME|Used in the ropc flow| +|AAD_USER_PRINCIPAL_PASSWORD|Used in the ropc flow| +|AZURE_TENANT_ID|The AAD tenant ID.| +|AZURE_AUTHORITY_HOST|Used in the WorkloadIdentityLogin flow| +|AZURE_FEDERATED_TOKEN_FILE|Used in the WorkloadIdentityLogin flow| +|AZURE_CLIENT_ID|Used in the WorkloadIdentityLogin flow| + +In addition to the environment variables above, argocd-k8s-auth accepts two extra environment variables to set the AAD environment, and to set the AAD server application ID. The AAD server application ID will default to 6dae42f8-4368-4678-94ff-3960e28e3630 if not specified. See [here](https://github.com/azure/kubelogin#exec-plugin-format) for details. + +|Variable Name|Description| +|-------------|-----------| +|AAD_ENVIRONMENT_NAME|The azure environment to use, default of AzurePublicCloud| +|AAD_SERVER_APPLICATION_ID|The optional AAD server application ID, defaults to 6dae42f8-4368-4678-94ff-3960e28e3630| + +This is an example of using the [federated workload login flow](https://github.com/Azure/kubelogin#azure-workload-federated-identity-non-interactive). The federated token file needs to be mounted as a secret into argoCD, so it can be used in the flow. The location of the token file needs to be set in the environment variable AZURE_FEDERATED_TOKEN_FILE. + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: mycluster-secret + labels: + argocd.argoproj.io/secret-type: cluster +type: Opaque +stringData: + name: mycluster.com + server: https://mycluster.com + config: | + { + "execProviderConfig": { + "command": "argocd-k8s-auth", + "env": { + "AAD_ENVIRONMENT_NAME": "AzurePublicCloud", + "AZURE_CLIENT_ID": "fill in client id", + "AZURE_TENANT_ID": "fill in tenant id", + "AZURE_FEDERATED_TOKEN_FILE": "/opt/path/to/federated_file.json", + "AZURE_AUTHORITY_HOST": "https://login.microsoftonline.com/", + "AAD_LOGIN_METHOD": "workloadidentity" + }, + "args": ["azure"], + "apiVersion": "client.authentication.k8s.io/v1beta1" + }, + "tlsClientConfig": { + "insecure": false, + "caData": "" + } + } +``` + +This is an example of using the spn (service principal name) flow. + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: mycluster-secret + labels: + argocd.argoproj.io/secret-type: cluster +type: Opaque +stringData: + name: mycluster.com + server: https://mycluster.com + config: | + { + "execProviderConfig": { + "command": "argocd-k8s-auth", + "env": { + "AAD_ENVIRONMENT_NAME": "AzurePublicCloud", + "AAD_SERVICE_PRINCIPAL_CLIENT_SECRET": "fill in your service principal client secret", + "AZURE_TENANT_ID": "fill in tenant id", + "AAD_SERVICE_PRINCIPAL_CLIENT_ID": "fill in your service principal client id", + "AAD_LOGIN_METHOD": "spn" + }, + "args": ["azure"], + "apiVersion": "client.authentication.k8s.io/v1beta1" + }, + "tlsClientConfig": { + "insecure": false, + "caData": "" + } + } +``` + ## Helm Chart Repositories Non standard Helm Chart repositories have to be registered explicitly. diff --git a/go.mod b/go.mod index 681353f9cbf40..537f3f1653ee9 100644 --- a/go.mod +++ b/go.mod @@ -4,6 +4,7 @@ go 1.19 require ( code.gitea.io/sdk/gitea v0.15.1 + github.com/Azure/kubelogin v0.0.20 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible github.com/Masterminds/semver/v3 v3.2.1 github.com/Masterminds/sprig/v3 v3.2.3 @@ -96,7 +97,7 @@ require ( k8s.io/klog/v2 v2.70.1 k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8 k8s.io/kubectl v0.24.2 - k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 + k8s.io/utils v0.0.0-20220706174534-f6158b442e7c layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 oras.land/oras-go/v2 v2.2.1 sigs.k8s.io/controller-runtime v0.11.0 @@ -106,11 +107,20 @@ require ( require ( dario.cat/mergo v1.0.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v0.5.2 // indirect + github.com/golang-jwt/jwt v3.2.2+incompatible // indirect + github.com/kylelemons/godebug v1.1.0 // indirect + github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect github.com/tidwall/gjson v1.14.4 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.0 // indirect google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect + gopkg.in/retry.v1 v1.0.3 // indirect + k8s.io/klog v1.0.0 // indirect ) require ( @@ -118,8 +128,8 @@ require ( cloud.google.com/go/compute/metadata v0.2.3 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect - github.com/Azure/go-autorest/autorest v0.11.18 // indirect - github.com/Azure/go-autorest/autorest/adal v0.9.13 // indirect + github.com/Azure/go-autorest/autorest v0.11.27 // indirect + github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect @@ -147,10 +157,9 @@ require ( github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect github.com/fatih/camelcase v1.0.0 // indirect github.com/felixge/httpsnoop v1.0.3 // indirect - github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect github.com/fvbommel/sortorder v1.0.1 // indirect github.com/ghodss/yaml v1.0.0 // indirect - github.com/go-errors/errors v1.0.1 // indirect + github.com/go-errors/errors v1.4.2 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-git/go-billy/v5 v5.4.1 // indirect github.com/go-jose/go-jose/v3 v3.0.0 // indirect @@ -166,12 +175,12 @@ require ( github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1 // indirect github.com/golang/glog v1.1.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/google/btree v1.0.1 // indirect - github.com/google/gnostic v0.5.7-v3refs // indirect + github.com/google/btree v1.1.2 // indirect + github.com/google/gnostic v0.6.9 // indirect github.com/google/go-github/v41 v41.0.0 // indirect github.com/google/go-github/v53 v53.2.0 // indirect github.com/google/go-querystring v1.1.0 // indirect - github.com/google/gofuzz v1.1.0 // indirect + github.com/google/gofuzz v1.2.0 // indirect github.com/gosimple/unidecode v1.0.1 // indirect github.com/gregdel/pushover v1.1.0 // indirect github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect @@ -229,14 +238,14 @@ require ( github.com/vmihailenco/msgpack/v5 v5.3.4 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect - github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca // indirect + github.com/xlab/treeprint v1.1.0 // indirect go.mongodb.org/mongo-driver v1.11.3 // indirect go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.16.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.16.0 // indirect go.opentelemetry.io/otel/metric v1.16.0 // indirect go.opentelemetry.io/otel/trace v1.16.0 // indirect go.opentelemetry.io/proto/otlp v0.19.0 // indirect - go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect + go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd // indirect golang.org/x/mod v0.9.0 // indirect golang.org/x/net v0.12.0 // indirect golang.org/x/sys v0.10.0 // indirect @@ -259,9 +268,9 @@ require ( k8s.io/kube-aggregator v0.24.2 // indirect k8s.io/kubernetes v1.24.2 // indirect nhooyr.io/websocket v1.8.6 // indirect - sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect - sigs.k8s.io/kustomize/api v0.11.4 // indirect - sigs.k8s.io/kustomize/kyaml v0.13.6 // indirect + sigs.k8s.io/json v0.0.0-20220525155127-227cbc7cc124 // indirect + sigs.k8s.io/kustomize/api v0.11.5 // indirect + sigs.k8s.io/kustomize/kyaml v0.13.7 // indirect ) replace ( diff --git a/go.sum b/go.sum index c4174584c8ccf..55c25a7ab45f2 100644 --- a/go.sum +++ b/go.sum @@ -609,24 +609,38 @@ dmitri.shuralyov.com/gpu/mtl v0.0.0-20201218220906-28db891af037/go.mod h1:H6x//7 gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8= git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc= github.com/Azure/azure-sdk-for-go v55.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 h1:tz19qLF65vuu2ibfTqGVJxG/zZAI27NEIIbvAOQwYbw= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 h1:QkAcEIAKbNL4KoFr4SathZPhDhF4mVwpBMFlYjyAqy8= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0/go.mod h1:bhXu1AjYL+wutSL/kpSq6s7733q2Rb0yuot9Zgfqa/0= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 h1:jp0dGvZ7ZK0mgqnTSClMxa5xuRL7NZgHameVYF6BurY= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.11.18 h1:90Y4srNYrwOtAgVo3ndrQkTYn6kf1Eg/AjTFJ8Is2aM= github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= -github.com/Azure/go-autorest/autorest/adal v0.9.13 h1:Mp5hbtOePIzM8pJVRa3YLrWWmZtoxRXqUEzCfJt3+/Q= +github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A= +github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= +github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= +github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg= +github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= -github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= +github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw= +github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU= github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= github.com/Azure/go-autorest/autorest/validation v0.1.0/go.mod h1:Ha3z/SqBeaalWQvokg3NZAlQTalVMtOIAs1aGK7G6u8= github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= +github.com/Azure/kubelogin v0.0.20 h1:pDJhxzUWk2f/wjYQJFb0Vet7OYrcg6DLx1qj+sbXY70= +github.com/Azure/kubelogin v0.0.20/go.mod h1:QNuYUuwM2lqho9ovG5U/yv3/ZmFbEru3Jluw2ZeKcSk= +github.com/AzureAD/microsoft-authentication-library-for-go v0.5.2 h1:BGX4OiGP9htYSd6M3pAZctcUUSruhIAUVkv2X0Cn9yE= +github.com/AzureAD/microsoft-authentication-library-for-go v0.5.2/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/GoogleCloudPlatform/k8s-cloud-provider v1.16.1-0.20210702024009-ea6160c1d0e3/go.mod h1:8XasY4ymP2V/tn2OOV9ZadmiTE1FIB/h3W+yNlPttKw= @@ -745,6 +759,7 @@ github.com/bradleyfalzon/ghinstallation/v2 v2.6.0 h1:IRY7Xy588KylkoycsUhFpW7cdGp github.com/bradleyfalzon/ghinstallation/v2 v2.6.0/go.mod h1:oQ3etOwN3TRH4EwgW5/7MxSVMGlMlzG/O8TU7eYdoSk= github.com/bsm/ginkgo/v2 v2.7.0 h1:ItPMPH90RbmZJt5GtkcNvIRuGEdwlBItdNVoyzaNQao= github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y= +github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q= @@ -853,6 +868,7 @@ github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/r github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= +github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c= github.com/docker/distribution v2.8.0+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= @@ -911,14 +927,15 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= +github.com/frankban/quicktest v1.2.2/go.mod h1:Qh/WofXFeiAFII1aEBu529AtJo6Zg2VHscnEsbBnJ20= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= @@ -939,8 +956,9 @@ github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmC github.com/gin-gonic/gin v1.6.3 h1:ahKqKTFpO5KTPHxWZjEdPScmYaGtLo8Y4DMHoEsnp14= github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M= github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= -github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= +github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g= github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks= github.com/go-fonts/liberation v0.1.1/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= @@ -1085,6 +1103,11 @@ github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zV github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= +github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= +github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= +github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= +github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= @@ -1118,15 +1141,18 @@ github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEW github.com/golangplus/testing v0.0.0-20180327235837-af21d9c3145e/go.mod h1:0AA//k/eakGydO4jKRoRL2j92ZKSzTgj9tclaCrvXHk= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= +github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= +github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/cadvisor v0.44.1/go.mod h1:GQ9KQfz0iNHQk3D6ftzJWK4TXabfIgM10Oy3FkR+Gzg= github.com/google/cel-go v0.10.1/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w= github.com/google/cel-spec v0.6.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA= github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= -github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= +github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0= +github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.2.1-0.20190312032427-6f77996f0c42/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= @@ -1154,8 +1180,9 @@ github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= @@ -1382,6 +1409,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/ktrysmt/go-bitbucket v0.9.63 h1:Dfcl+h0FV2yRDWjyFkI1OnyzmkHn7zy9ljT0kgrkbX8= github.com/ktrysmt/go-bitbucket v0.9.63/go.mod h1:QvxNfWkVjw8mPuvfGOgWHuv51P5yZKFqXdPh0JeG8B8= +github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= +github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y= github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= @@ -1483,6 +1512,7 @@ github.com/mohae/deepcopy v0.0.0-20170603005431-491d3605edfb/go.mod h1:TaXosZuwd github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= +github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/moul/http2curl v1.0.0/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= @@ -1591,6 +1621,9 @@ github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= +github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ= +github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU= +github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -1659,6 +1692,8 @@ github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs= github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= +github.com/rogpeppe/clock v0.0.0-20190514195947-2896927a307a h1:3QH7VyOaaiUHNrA9Se4YQIRkDTCw1EJls9xTUCaCeRM= +github.com/rogpeppe/clock v0.0.0-20190514195947-2896927a307a/go.mod h1:4r5QyqhjIWCcK8DO4KMclc5Iknq5qVBAlbYYzAbUScQ= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= @@ -1810,9 +1845,13 @@ github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+ github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g= github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM= github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8= +github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= +github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca h1:1CFlNzQhALwjS9mBAUkycX616GzgsuYUOCHA5+HSlXI= github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca/go.mod h1:ce1O1j6UtZfjr22oyGxGLbauSBp2YVXpARAosm7dHBg= +github.com/xlab/treeprint v1.1.0 h1:G/1DjNkPpfZCFt9CSh6b5/nY4VimlbHF3Rh4obvtzDk= +github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -1886,8 +1925,9 @@ go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqe go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJPI1Nnw= go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= -go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 h1:+FNtrFTmVw0YZGpBGX56XDee331t6JAXeK2bcyhLOOc= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o= +go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd h1:Uo/x0Ir5vQJ+683GXB9Ug+4fcjsbp7z7Ul8UaZbhsRM= +go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd/go.mod h1:t3mmBBPzAVvK0L0n1drDmrQsJ8FoIx4INCqVMTr/Zo0= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= @@ -1926,6 +1966,7 @@ golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= @@ -2232,6 +2273,7 @@ golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210608053332-aa57babbf139/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2753,6 +2795,8 @@ gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= +gopkg.in/retry.v1 v1.0.3 h1:a9CArYczAVv6Qs6VGoLMio99GEs7kY9UzSF9+LD+iGs= +gopkg.in/retry.v1 v1.0.3/go.mod h1:FJkXmWiMaAo7xB+xhvDF59zhfjDWyzmyAxiT4dB688g= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI= gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= @@ -2804,6 +2848,8 @@ k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8 k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 h1:TT1WdmqqXareKxZ/oNXEUSwKlLiHzPMyB0t8BaFeBYI= k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= +k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= @@ -2816,6 +2862,7 @@ k8s.io/kube-aggregator v0.24.2/go.mod h1:Ju2jNDixn+vqeeKEBfjfpc204bO1pbdXX0N9knC k8s.io/kube-controller-manager v0.24.2/go.mod h1:KDE0yqiEvxYiO0WRpPA4rVx8AcK1vsWydUF37AJ9lTI= k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk= +k8s.io/kube-openapi v0.0.0-20220401212409-b28bf2818661/go.mod h1:daOouuuwd9JXpv1L7Y34iV3yf6nxzipkKMWWlqlvK9M= k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8 h1:yEQKdMCjzAOvGeiTwG4hO/hNVNtDOuUFvMUZ0OlaIzs= k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8/go.mod h1:mbJ+NSUoAhuR14N0S63bPkh8MGVSo3VYSGZtH/mfMe0= k8s.io/kube-proxy v0.24.2/go.mod h1:bozS2ufl/Ns6s40Ue34eV7rqyLVygi5usSmCgW7rFU8= @@ -2833,8 +2880,9 @@ k8s.io/sample-apiserver v0.24.2/go.mod h1:mf8qgDdu450wqpCJOkSAmoTgU4PIMAcfa5uTBw k8s.io/system-validators v1.7.0/go.mod h1:gP1Ky+R9wtrSiFbrpEPwWMeYz9yqyy1S/KOh0Vci7WI= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 h1:HNSDgDCrr/6Ly3WEGKZftiE7IY19Vz2GdbOCyI4qqhc= k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20220706174534-f6158b442e7c h1:hFZO68mv/0xe8+V0gRT9BAq3/31cKjjeVv4nScriuBk= +k8s.io/utils v0.0.0-20220706174534-f6158b442e7c/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 h1:RZkKxMR3jbQxdCEcglq3j7wY3PRJIopAwBlx1RE71X0= layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427/go.mod h1:ivKkcY8Zxw5ba0jldhZCYYQfGdb2K6u9tbYK1AwMIBc= lukechampine.com/uint128 v1.1.1/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk= @@ -2887,14 +2935,17 @@ rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw= sigs.k8s.io/controller-runtime v0.11.0 h1:DqO+c8mywcZLFJWILq4iktoECTyn30Bkj0CwgqMpZWQ= sigs.k8s.io/controller-runtime v0.11.0/go.mod h1:KKwLiTooNGu+JmLZGn9Sl3Gjmfj66eMbCQznLP5zcqA= -sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87JJaPNLh5tIzYHgStQ9Y= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY= -sigs.k8s.io/kustomize/api v0.11.4 h1:/0Mr3kfBBNcNPOW5Qwk/3eb8zkswCwnqQxxKtmrTkRo= +sigs.k8s.io/json v0.0.0-20220525155127-227cbc7cc124 h1:2sgAQQcY0dEW2SsQwTXhQV4vO6+rSslYx8K3XmM5hqQ= +sigs.k8s.io/json v0.0.0-20220525155127-227cbc7cc124/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY= sigs.k8s.io/kustomize/api v0.11.4/go.mod h1:k+8RsqYbgpkIrJ4p9jcdPqe8DprLxFUUO0yNOq8C+xI= +sigs.k8s.io/kustomize/api v0.11.5 h1:vLDp++YAX7iy2y2CVPJNy9pk9CY8XaUKgHkjbVtnWag= +sigs.k8s.io/kustomize/api v0.11.5/go.mod h1:2UDpxS6AonWXow2ZbySd4AjUxmdXLeTlvGBC46uSiq8= sigs.k8s.io/kustomize/cmd/config v0.10.6/go.mod h1:/S4A4nUANUa4bZJ/Edt7ZQTyKOY9WCER0uBS1SW2Rco= sigs.k8s.io/kustomize/kustomize/v4 v4.5.4/go.mod h1:Zo/Xc5FKD6sHl0lilbrieeGeZHVYCA4BzxeAaLI05Bg= -sigs.k8s.io/kustomize/kyaml v0.13.6 h1:eF+wsn4J7GOAXlvajv6OknSunxpcOBQQqsnPxObtkGs= sigs.k8s.io/kustomize/kyaml v0.13.6/go.mod h1:yHP031rn1QX1lr/Xd934Ri/xdVNG8BE2ECa78Ht/kEg= +sigs.k8s.io/kustomize/kyaml v0.13.7 h1:/EZ/nPaLUzeJKF/BuJ4QCuMVJWiEVoI8iftOHY3g3tk= +sigs.k8s.io/kustomize/kyaml v0.13.7/go.mod h1:6K+IUOuir3Y7nucPRAjw9yth04KSWBnP5pqUTGwj/qU= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk= From 3f9133eb59da818b7b24cadc871a14df7974736b Mon Sep 17 00:00:00 2001 From: Leonardo Luz Almeida Date: Tue, 1 Aug 2023 20:42:11 -0400 Subject: [PATCH 079/105] chore: Add header support for proxy extension requests (#14800) * chore: add server URL in the header of proxy extensions Signed-off-by: Leonardo Luz Almeida * feat: add header support for proxy extension requests Signed-off-by: Leonardo Luz Almeida * Address review comments Signed-off-by: Leonardo Luz Almeida * address review comments Signed-off-by: Leonardo Luz Almeida * Address review comments Signed-off-by: Leonardo Luz Almeida * Address review comments Signed-off-by: Leonardo Luz Almeida --------- Signed-off-by: Leonardo Luz Almeida --- .../extensions/proxy-extensions.md | 76 ++++++++++++++- server/extension/extension.go | 96 ++++++++++++++++--- server/extension/extension_test.go | 46 +++++++++ 3 files changed, 203 insertions(+), 15 deletions(-) diff --git a/docs/developer-guide/extensions/proxy-extensions.md b/docs/developer-guide/extensions/proxy-extensions.md index 4ab80006d2613..e75cc03beae2c 100644 --- a/docs/developer-guide/extensions/proxy-extensions.md +++ b/docs/developer-guide/extensions/proxy-extensions.md @@ -52,6 +52,9 @@ data: maxIdleConnections: 30 services: - url: http://httpbin.org + headers: + - name: some-header + value: '$some.argocd.secret.key' cluster: name: some-cluster server: https://some-cluster @@ -111,6 +114,34 @@ Defines a list with backend url by cluster. Is the address where the extension backend must be available. +#### `extensions.backend.services.headers` (*list*) + +If provided, the headers list will be added on all outgoing requests +for this service config. Existing headers in the incoming request with +the same name will be overriden by the one in this list. Reserved header +names will be ignored (see the [headers](#incoming-request-headers) below). + +#### `extensions.backend.services.headers.name` (*string*) +(mandatory) + +Defines the name of the header. It is a mandatory field if a header is +provided. + +#### `extensions.backend.services.headers.value` (*string*) +(mandatory) + +Defines the value of the header. It is a mandatory field if a header is +provided. The value can be provided as verbatim or as a reference to an +Argo CD secret key. In order to provide it as a reference, it is +necessary to prefix it with a dollar sign. + +Example: + + value: '$some.argocd.secret.key' + +In the example above, the value will be replaced with the one from +the argocd-secret with key 'some.argocd.secret.key'. + #### `extensions.backend.services.cluster` (*object*) (optional) @@ -166,14 +197,14 @@ configuration: └─────────────────┘ ``` -### Headers +### Incoming Request Headers Note that Argo CD API Server requires additional HTTP headers to be sent in order to enforce if the incoming request is authenticated and authorized before being proxied to the backend service. The headers are documented below: -#### `Cookie` (*mandatory*) +#### `Cookie` Argo CD UI keeps the authentication token stored in a cookie (`argocd.token`). This value needs to be sent in the `Cookie` header @@ -212,6 +243,25 @@ same headers are also sent to the backend service. The backend service must also validate if the validated headers are compatible with the rest of the incoming request. +### Outgoing Requets Headers + +Requests sent to backend services will be decorated with additional +headers. The outgoing request headers are documented below: + +#### `Argocd-Target-Cluster-Name` + +Will be populated with the value from `app.Spec.Destination.Name` if +it is not empty string in the application resource. + +#### `Argocd-Target-Cluster-URL` + +Will be populated with the value from `app.Spec.Destination.Server` if +it is not empty string is the Application resource. + +Note that additional pre-configured headers can be added to outgoing +request. See [backend service headers](#extensionsbackendservicesheaders-list) +section for more details. + ### Multi Backend Use-Case In some cases when Argo CD is configured to sync with multiple remote @@ -256,6 +306,28 @@ is then sanitized before being sent to the backend service. The request sanitization will remove sensitive information from the request like the `Cookie` and `Authorization` headers. +A new `Authorization` header can be added to the outgoing request by +defining it as a header in the `extensions.backend.services.headers` +configuration. Consider the following example: + +```yaml +extension.config: | + extensions: + - name: some-extension + backend: + services: + - url: http://extension-name.com:8080 + headers: + - name: Authorization + value: '$some-extension.authorization.header' +``` + +In the example above, all requests sent to +`http://extension-name.com:8080` will have an additional +`Authorization` header. The value of this header will be the one from +the [argocd-secret](../../operator-manual/argocd-secret-yaml.md) with +key `some-extension.authorization.header` + [1]: https://github.com/argoproj/argoproj/blob/master/community/feature-status.md [2]: https://argo-cd.readthedocs.io/en/stable/operator-manual/argocd-cm.yaml [3]: ../../operator-manual/rbac.md#the-extensions-resource diff --git a/server/extension/extension.go b/server/extension/extension.go index 270da5faa88ac..472d9ba3d6e16 100644 --- a/server/extension/extension.go +++ b/server/extension/extension.go @@ -45,6 +45,25 @@ const ( // Example: // Argocd-Project-Name: "default" HeaderArgoCDProjectName = "Argocd-Project-Name" + + // HeaderArgoCDTargetClusterURL defines the target cluster URL + // that the Argo CD application is associated with. This header + // will be populated by the extension proxy and passed to the + // configured backend service. If this header is passed by + // the client, its value will be overriden by the extension + // handler. + // + // Example: + // Argocd-Target-Cluster-URL: "https://kubernetes.default.svc.cluster.local" + HeaderArgoCDTargetClusterURL = "Argocd-Target-Cluster-URL" + + // HeaderArgoCDTargetClusterName defines the target cluster name + // that the Argo CD application is associated with. This header + // will be populated by the extension proxy and passed to the + // configured backend service. If this header is passed by + // the client, its value will be overriden by the extension + // handler. + HeaderArgoCDTargetClusterName = "Argocd-Target-Cluster-Name" ) // RequestResources defines the authorization scope for @@ -138,6 +157,26 @@ type ServiceConfig struct { // destination name to have requests properly forwarded to this // service URL. Cluster *ClusterConfig `json:"cluster,omitempty"` + + // Headers if provided, the headers list will be added on all + // outgoing requests for this service config. + Headers []Header `json:"headers"` +} + +// Header defines the header to be added in the proxy requests. +type Header struct { + // Name defines the name of the header. It is a mandatory field if + // a header is provided. + Name string `json:"name"` + // Value defines the value of the header. The actual value can be + // provided as verbatim or as a reference to an Argo CD secret key. + // In order to provide it as a reference, it is necessary to prefix + // it with a dollar sign. + // Example: + // value: '$some.argocd.secret.key' + // In the example above, the value will be replaced with the one from + // the argocd-secret with key 'some.argocd.secret.key'. + Value string `json:"value"` } type ClusterConfig struct { @@ -304,11 +343,23 @@ func proxyKey(extName, cName, cServer string) ProxyKey { } } -func parseAndValidateConfig(config string) (*ExtensionConfigs, error) { +func parseAndValidateConfig(s *settings.ArgoCDSettings) (*ExtensionConfigs, error) { + extConfigMap := map[string]interface{}{} + err := yaml.Unmarshal([]byte(s.ExtensionConfig), &extConfigMap) + if err != nil { + return nil, fmt.Errorf("invalid extension config: %s", err) + } + + parsedExtConfig := settings.ReplaceMapSecrets(extConfigMap, s.Secrets) + parsedExtConfigBytes, err := yaml.Marshal(parsedExtConfig) + if err != nil { + return nil, fmt.Errorf("error marshaling parsed extension config: %s", err) + } + configs := ExtensionConfigs{} - err := yaml.Unmarshal([]byte(config), &configs) + err = yaml.Unmarshal(parsedExtConfigBytes, &configs) if err != nil { - return nil, fmt.Errorf("invalid yaml: %s", err) + return nil, fmt.Errorf("invalid parsed extension config: %s", err) } err = validateConfigs(&configs) if err != nil { @@ -344,6 +395,16 @@ func validateConfigs(configs *ExtensionConfigs) error { return fmt.Errorf("cluster.name or cluster.server must be defined when cluster is provided in the configuration") } } + if len(svc.Headers) > 0 { + for _, header := range svc.Headers { + if header.Name == "" { + return fmt.Errorf("header.name must be defined when providing service headers in the configuration") + } + if header.Value == "" { + return fmt.Errorf("header.value must be defined when providing service headers in the configuration") + } + } + } } } return nil @@ -351,7 +412,7 @@ func validateConfigs(configs *ExtensionConfigs) error { // NewProxy will instantiate a new reverse proxy based on the provided // targetURL and config. -func NewProxy(targetURL string, config ProxyConfig) (*httputil.ReverseProxy, error) { +func NewProxy(targetURL string, headers []Header, config ProxyConfig) (*httputil.ReverseProxy, error) { url, err := url.Parse(targetURL) if err != nil { return nil, fmt.Errorf("failed to parse proxy URL: %s", err) @@ -363,6 +424,11 @@ func NewProxy(targetURL string, config ProxyConfig) (*httputil.ReverseProxy, err req.URL.Scheme = url.Scheme req.URL.Host = url.Host req.Header.Set("Host", url.Host) + req.Header.Del("Authorization") + req.Header.Del("Cookie") + for _, header := range headers { + req.Header.Set(header.Name, header.Value) + } }, } return proxy, nil @@ -404,16 +470,16 @@ func applyProxyConfigDefaults(c *ProxyConfig) { // router. func (m *Manager) RegisterHandlers(r *mux.Router) error { m.log.Info("Registering extension handlers...") - config, err := m.settings.Get() + settings, err := m.settings.Get() if err != nil { return fmt.Errorf("error getting settings: %s", err) } - if config.ExtensionConfig == "" { + if settings.ExtensionConfig == "" { return fmt.Errorf("No extensions configurations found") } - extConfigs, err := parseAndValidateConfig(config.ExtensionConfig) + extConfigs, err := parseAndValidateConfig(settings) if err != nil { return fmt.Errorf("error parsing extension config: %s", err) } @@ -468,7 +534,7 @@ func (m *Manager) registerExtensions(r *mux.Router, extConfigs *ExtensionConfigs registry := NewProxyRegistry() singleBackend := len(ext.Backend.Services) == 1 for _, service := range ext.Backend.Services { - proxy, err := NewProxy(service.URL, ext.Backend.ProxyConfig) + proxy, err := NewProxy(service.URL, service.Headers, ext.Backend.ProxyConfig) if err != nil { return fmt.Errorf("error creating proxy: %s", err) } @@ -581,17 +647,21 @@ func (m *Manager) CallExtension(extName string, registry ProxyRegistry) func(htt return } - sanitizeRequest(r, extName) + prepareRequest(r, extName, app) m.log.Debugf("proxing request for extension %q", extName) proxy.ServeHTTP(w, r) } } -// sanitizeRequest is reponsible for preparing and cleaning the given +// prepareRequest is reponsible for preparing and cleaning the given // request, removing sensitive information before forwarding it to the // proxy extension. -func sanitizeRequest(r *http.Request, extName string) { +func prepareRequest(r *http.Request, extName string, app *v1alpha1.Application) { r.URL.Path = strings.TrimPrefix(r.URL.Path, fmt.Sprintf("%s/%s", URLPrefix, extName)) - r.Header.Del("Cookie") - r.Header.Del("Authorization") + if app.Spec.Destination.Name != "" { + r.Header.Set(HeaderArgoCDTargetClusterName, app.Spec.Destination.Name) + } + if app.Spec.Destination.Server != "" { + r.Header.Set(HeaderArgoCDTargetClusterURL, app.Spec.Destination.Server) + } } diff --git a/server/extension/extension_test.go b/server/extension/extension_test.go index aafb0d29de4be..51d281960013c 100644 --- a/server/extension/extension_test.go +++ b/server/extension/extension_test.go @@ -210,6 +210,14 @@ func TestRegisterHandlers(t *testing.T) { name: "invalid name", configYaml: getExtensionConfigInvalidName(), }, + { + name: "no header name", + configYaml: getExtensionConfigNoHeaderName(), + }, + { + name: "no header value", + configYaml: getExtensionConfigNoHeaderValue(), + }, } // when @@ -334,9 +342,12 @@ func TestExtensionsHandler(t *testing.T) { f.rbacMock.On("EnforceErr", mock.Anything, rbacpolicy.ResourceExtensions, rbacpolicy.ActionInvoke, mock.Anything).Return(extAccessError) } + secrets := make(map[string]string) + secrets["extension.auth.header"] = "Bearer some-bearer-token" withExtensionConfig := func(configYaml string, f *fixture) { settings := &settings.ArgoCDSettings{ ExtensionConfig: configYaml, + Secrets: secrets, } f.settingsGetterMock.On("Get", mock.Anything).Return(settings, nil) } @@ -393,6 +404,9 @@ func TestExtensionsHandler(t *testing.T) { clusterName := "clusterName" clusterURL := "clusterURL" backendSrv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + for k, v := range r.Header { + w.Header().Add(k, strings.Join(v, ",")) + } fmt.Fprintln(w, backendResponse) })) defer backendSrv.Close() @@ -417,6 +431,8 @@ func TestExtensionsHandler(t *testing.T) { require.NoError(t, err) actual := strings.TrimSuffix(string(body), "\n") assert.Equal(t, backendResponse, actual) + assert.Equal(t, clusterURL, resp.Header.Get(extension.HeaderArgoCDTargetClusterURL)) + assert.Equal(t, "Bearer some-bearer-token", resp.Header.Get("Authorization")) }) t.Run("will route requests with 2 backends for the same extension successfully", func(t *testing.T) { // given @@ -637,6 +653,9 @@ extensions: backend: services: - url: %s + headers: + - name: Authorization + value: '$extension.auth.header' ` return fmt.Sprintf(cfg, name, url) } @@ -667,6 +686,9 @@ extensions: backend: services: - url: https://httpbin.org + headers: + - name: some-header + value: '$some.secret.ref' - name: some-backend backend: services: @@ -701,3 +723,27 @@ extensions: - cluster: some-cluster ` } + +func getExtensionConfigNoHeaderName() string { + return ` +extensions: +- name: some-extension + backend: + services: + - url: https://httpbin.org + headers: + - value: '$some.secret.key' +` +} + +func getExtensionConfigNoHeaderValue() string { + return ` +extensions: +- name: some-extension + backend: + services: + - url: https://httpbin.org + headers: + - name: some-header-name +` +} From c721592d210383dadcf0bf0dfcfce9c7a1794162 Mon Sep 17 00:00:00 2001 From: Nicholas Morey Date: Tue, 1 Aug 2023 21:02:04 -0400 Subject: [PATCH 080/105] docs: use consistent password in plugin generator examples (#14837) * docs: use consistent password in plugin generator examples The example secret with the token is using `strong-password`, but the later examples use `string-password`. This updates all of the examples to use `strong-password`. Signed-off-by: Nicholas Morey * docs: update another-secret example to include `strong-password` Consistent with above example of client token in argocd-secret Signed-off-by: Nicholas Morey --------- Signed-off-by: Nicholas Morey --- .../applicationset/Generators-Plugin.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/operator-manual/applicationset/Generators-Plugin.md b/docs/operator-manual/applicationset/Generators-Plugin.md index 57ae0f90fb840..3747c38865df5 100644 --- a/docs/operator-manual/applicationset/Generators-Plugin.md +++ b/docs/operator-manual/applicationset/Generators-Plugin.md @@ -94,8 +94,8 @@ metadata: type: Opaque data: # ... - # The secret value must be base64 encoded **once** - # this value corresponds to: `printf "strong-password" | base64` + # The secret value must be base64 encoded **once**. + # this value corresponds to: `printf "strong-password" | base64`. plugin.myplugin.token: "c3Ryb25nLXBhc3N3b3Jk" # ... ``` @@ -124,9 +124,9 @@ type: Opaque data: # ... # Store client secret like below. - # Ensure the secret is base64 encoded - plugin.myplugin.token: - # ... + # The secret value must be base64 encoded **once**. + # This value corresponds to: `printf "strong-password" | base64`. + plugin.myplugin.token: "c3Ryb25nLXBhc3N3b3Jk" ``` ### HTTP server @@ -138,7 +138,7 @@ You can deploy it either as a sidecar or as a standalone deployment (the latter In the example, the token is stored in a file at this location : `/var/run/argo/token` ``` -string-password +strong-password ``` ```python @@ -199,7 +199,7 @@ if __name__ == '__main__': Execute getparams with curl : ``` -curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer string-password" -d \ +curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer strong-password" -d \ '{ "applicationSetName": "fake-appset", "input": { @@ -283,7 +283,7 @@ To illustrate : - The generator plugin would then perform 2 requests as follows : ```shell -curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer string-password" -d \ +curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer strong-password" -d \ '{ "applicationSetName": "fb-matrix", "input": { @@ -297,7 +297,7 @@ curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer st Then, ```shell -curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer string-password" -d \ +curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer strong-password" -d \ '{ "applicationSetName": "fb-matrix", "input": { From 08465c61749b1d297936ab4ad1c84a1e92e0e1e3 Mon Sep 17 00:00:00 2001 From: Ashin Sabu <139749674+ashinsabu3@users.noreply.github.com> Date: Wed, 2 Aug 2023 20:39:03 +0530 Subject: [PATCH 081/105] chore: give context to error logs #10592 (#14851) * chore: give context to error logs Signed-off-by: ashinsabu3 * Update reposerver/repository/repository.go Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: ashinsabu3 Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- reposerver/repository/lock.go | 2 +- reposerver/repository/repository.go | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/reposerver/repository/lock.go b/reposerver/repository/lock.go index 05eddf667d82a..fa8da9c3e5089 100644 --- a/reposerver/repository/lock.go +++ b/reposerver/repository/lock.go @@ -55,7 +55,7 @@ func (r *repositoryLock) Lock(path string, revision string, allowConcurrent bool initCloser, err := init() if err != nil { state.cond.L.Unlock() - return nil, err + return nil, fmt.Errorf("failed to initialize repository resources: %w", err) } state.initCloser = initCloser state.revision = revision diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index b9dd3d02e5dba..4654257848f69 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -199,7 +199,7 @@ func (s *Service) ListRefs(ctx context.Context, q *apiclient.ListRefsRequest) (* func (s *Service) ListApps(ctx context.Context, q *apiclient.ListAppsRequest) (*apiclient.AppList, error) { gitClient, commitSHA, err := s.newClientResolveRevision(q.Repo, q.Revision) if err != nil { - return nil, err + return nil, fmt.Errorf("error setting up git client and resolving given revision: %w", err) } if apps, err := s.cache.ListApps(q.Repo.Repo, commitSHA); err == nil { log.Infof("cache hit: %s/%s", q.Repo.Repo, q.Revision) @@ -214,13 +214,13 @@ func (s *Service) ListApps(ctx context.Context, q *apiclient.ListAppsRequest) (* }) if err != nil { - return nil, err + return nil, fmt.Errorf("error acquiring repository lock: %w", err) } defer io.Close(closer) apps, err := discovery.Discover(ctx, gitClient.Root(), gitClient.Root(), q.EnabledSourceTypes, s.initConstants.CMPTarExcludedGlobs) if err != nil { - return nil, err + return nil, fmt.Errorf("error discovering applications: %w", err) } err = s.cache.SetApps(q.Repo.Repo, commitSHA, apps) if err != nil { @@ -943,7 +943,7 @@ func (s *Service) getManifestCacheEntry(cacheKey string, q *apiclient.ManifestRe func getHelmRepos(appPath string, repositories []*v1alpha1.Repository, helmRepoCreds []*v1alpha1.RepoCreds) ([]helm.HelmRepository, error) { dependencies, err := getHelmDependencyRepos(appPath) if err != nil { - return nil, err + return nil, fmt.Errorf("error retrieving helm dependency repos: %w", err) } reposByName := make(map[string]*v1alpha1.Repository) reposByUrl := make(map[string]*v1alpha1.Repository) @@ -1000,12 +1000,12 @@ func getHelmDependencyRepos(appPath string) ([]*v1alpha1.Repository, error) { repos := make([]*v1alpha1.Repository, 0) f, err := os.ReadFile(filepath.Join(appPath, "Chart.yaml")) if err != nil { - return nil, err + return nil, fmt.Errorf("error reading helm chart from %s: %w", filepath.Join(appPath, "Chart.yaml"), err) } d := &dependencies{} if err = yaml.Unmarshal(f, d); err != nil { - return nil, err + return nil, fmt.Errorf("error unmarshalling the helm chart while getting helm dependency repos: %w", err) } for _, r := range d.Dependencies { From b730747e3988721371861ff975062d017f651288 Mon Sep 17 00:00:00 2001 From: Leonardo Luz Almeida Date: Wed, 2 Aug 2023 11:19:22 -0400 Subject: [PATCH 082/105] chore: add more tests in proxy extension headers (#14842) Signed-off-by: Leonardo Luz Almeida --- .../extensions/proxy-extensions.md | 2 +- server/extension/extension_test.go | 25 ++++++++++++++----- 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/docs/developer-guide/extensions/proxy-extensions.md b/docs/developer-guide/extensions/proxy-extensions.md index e75cc03beae2c..8074537170811 100644 --- a/docs/developer-guide/extensions/proxy-extensions.md +++ b/docs/developer-guide/extensions/proxy-extensions.md @@ -243,7 +243,7 @@ same headers are also sent to the backend service. The backend service must also validate if the validated headers are compatible with the rest of the incoming request. -### Outgoing Requets Headers +### Outgoing Requests Headers Requests sent to backend services will be decorated with additional headers. The outgoing request headers are documented below: diff --git a/server/extension/extension_test.go b/server/extension/extension_test.go index 51d281960013c..cb71f01a2148b 100644 --- a/server/extension/extension_test.go +++ b/server/extension/extension_test.go @@ -342,9 +342,11 @@ func TestExtensionsHandler(t *testing.T) { f.rbacMock.On("EnforceErr", mock.Anything, rbacpolicy.ResourceExtensions, rbacpolicy.ActionInvoke, mock.Anything).Return(extAccessError) } - secrets := make(map[string]string) - secrets["extension.auth.header"] = "Bearer some-bearer-token" withExtensionConfig := func(configYaml string, f *fixture) { + secrets := make(map[string]string) + secrets["extension.auth.header"] = "Bearer some-bearer-token" + secrets["extension.auth.header2"] = "Bearer another-bearer-token" + settings := &settings.ArgoCDSettings{ ExtensionConfig: configYaml, Secrets: secrets, @@ -363,6 +365,9 @@ func TestExtensionsHandler(t *testing.T) { startBackendTestSrv := func(response string) *httptest.Server { return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + for k, v := range r.Header { + w.Header().Add(k, strings.Join(v, ",")) + } fmt.Fprintln(w, response) })) @@ -482,6 +487,7 @@ func TestExtensionsHandler(t *testing.T) { require.NoError(t, err) actual := strings.TrimSuffix(string(body), "\n") assert.Equal(t, response1, actual) + assert.Equal(t, "Bearer some-bearer-token", resp1.Header.Get("Authorization")) require.NotNil(t, resp2) assert.Equal(t, http.StatusOK, resp2.StatusCode) @@ -489,6 +495,7 @@ func TestExtensionsHandler(t *testing.T) { require.NoError(t, err) actual = strings.TrimSuffix(string(body), "\n") assert.Equal(t, response2, actual) + assert.Equal(t, "Bearer another-bearer-token", resp2.Header.Get("Authorization")) }) t.Run("will return 401 if sub has no access to get application", func(t *testing.T) { // given @@ -667,9 +674,15 @@ extensions: backend: services: - url: %s + headers: + - name: Authorization + value: '$extension.auth.header' cluster: name: %s - url: %s + headers: + - name: Authorization + value: '$extension.auth.header2' cluster: server: %s ` @@ -731,8 +744,8 @@ extensions: backend: services: - url: https://httpbin.org - headers: - - value: '$some.secret.key' + headers: + - value: '$some.secret.key' ` } @@ -743,7 +756,7 @@ extensions: backend: services: - url: https://httpbin.org - headers: - - name: some-header-name + headers: + - name: some-header-name ` } From c8ae5bc3e79fa985632861f75669c07523f5ded6 Mon Sep 17 00:00:00 2001 From: Blake Pettersson Date: Wed, 2 Aug 2023 22:48:57 +0200 Subject: [PATCH 083/105] chore: revert #12255 (#14858) This reverts commit c651bd8de551c85fc897c997c1976d6777259921. Due to the imminent release of 2.8, this needs to be rolled back since the proposed fix in #14210 cannot make it in time. Signed-off-by: Blake Pettersson --- cmd/argocd/commands/app.go | 42 +- cmd/argocd/commands/project.go | 14 +- controller/state.go | 2 - reposerver/apiclient/repository.pb.go | 400 +++++++----------- reposerver/repository/repository.go | 19 - reposerver/repository/repository.proto | 4 - reposerver/repository/repository_test.go | 170 ++------ server/application/application.go | 16 - test/e2e/helm_test.go | 40 -- .../Chart.yaml | 6 +- util/argo/argo.go | 4 - 11 files changed, 212 insertions(+), 505 deletions(-) diff --git a/cmd/argocd/commands/app.go b/cmd/argocd/commands/app.go index 82af6f7e3b004..cf927b1edfece 100644 --- a/cmd/argocd/commands/app.go +++ b/cmd/argocd/commands/app.go @@ -846,9 +846,9 @@ func targetObjects(resources []*argoappv1.ResourceDiff) ([]*unstructured.Unstruc return objs, nil } -func getLocalObjects(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, local, localRepoRoot, appLabelKey, kubeVersion string, apiVersions []string, kustomizeOptions *argoappv1.KustomizeOptions, +func getLocalObjects(ctx context.Context, app *argoappv1.Application, local, localRepoRoot, appLabelKey, kubeVersion string, apiVersions []string, kustomizeOptions *argoappv1.KustomizeOptions, trackingMethod string) []*unstructured.Unstructured { - manifestStrings := getLocalObjectsString(ctx, app, proj, local, localRepoRoot, appLabelKey, kubeVersion, apiVersions, kustomizeOptions, trackingMethod) + manifestStrings := getLocalObjectsString(ctx, app, local, localRepoRoot, appLabelKey, kubeVersion, apiVersions, kustomizeOptions, trackingMethod) objs := make([]*unstructured.Unstructured, len(manifestStrings)) for i := range manifestStrings { obj := unstructured.Unstructured{} @@ -859,21 +859,19 @@ func getLocalObjects(ctx context.Context, app *argoappv1.Application, proj *argo return objs } -func getLocalObjectsString(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, local, localRepoRoot, appLabelKey, kubeVersion string, apiVersions []string, kustomizeOptions *argoappv1.KustomizeOptions, +func getLocalObjectsString(ctx context.Context, app *argoappv1.Application, local, localRepoRoot, appLabelKey, kubeVersion string, apiVersions []string, kustomizeOptions *argoappv1.KustomizeOptions, trackingMethod string) []string { source := app.Spec.GetSource() res, err := repository.GenerateManifests(ctx, local, localRepoRoot, source.TargetRevision, &repoapiclient.ManifestRequest{ - Repo: &argoappv1.Repository{Repo: source.RepoURL}, - AppLabelKey: appLabelKey, - AppName: app.Name, - Namespace: app.Spec.Destination.Namespace, - ApplicationSource: &source, - KustomizeOptions: kustomizeOptions, - KubeVersion: kubeVersion, - ApiVersions: apiVersions, - TrackingMethod: trackingMethod, - ProjectName: proj.Name, - ProjectSourceRepos: proj.Spec.SourceRepos, + Repo: &argoappv1.Repository{Repo: source.RepoURL}, + AppLabelKey: appLabelKey, + AppName: app.Name, + Namespace: app.Spec.Destination.Namespace, + ApplicationSource: &source, + KustomizeOptions: kustomizeOptions, + KubeVersion: kubeVersion, + ApiVersions: apiVersions, + TrackingMethod: trackingMethod, }, true, &git.NoopCredsStore{}, resource.MustParse("0"), nil) errors.CheckError(err) @@ -991,8 +989,7 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co diffOption.cluster = cluster } } - proj := getProject(c, clientOpts, ctx, app.Spec.Project) - foundDiffs := findandPrintDiff(ctx, app, proj.Project, resources, argoSettings, diffOption) + foundDiffs := findandPrintDiff(ctx, app, resources, argoSettings, diffOption) if foundDiffs && exitCode { os.Exit(1) } @@ -1020,13 +1017,13 @@ type DifferenceOption struct { } // findandPrintDiff ... Prints difference between application current state and state stored in git or locally, returns boolean as true if difference is found else returns false -func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, resources *application.ManagedResourcesResponse, argoSettings *settings.Settings, diffOptions *DifferenceOption) bool { +func findandPrintDiff(ctx context.Context, app *argoappv1.Application, resources *application.ManagedResourcesResponse, argoSettings *settings.Settings, diffOptions *DifferenceOption) bool { var foundDiffs bool liveObjs, err := cmdutil.LiveObjects(resources.Items) errors.CheckError(err) items := make([]objKeyLiveTarget, 0) if diffOptions.local != "" { - localObjs := groupObjsByKey(getLocalObjects(ctx, app, proj, diffOptions.local, diffOptions.localRepoRoot, argoSettings.AppLabelKey, diffOptions.cluster.Info.ServerVersion, diffOptions.cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod), liveObjs, app.Spec.Destination.Namespace) + localObjs := groupObjsByKey(getLocalObjects(ctx, app, diffOptions.local, diffOptions.localRepoRoot, argoSettings.AppLabelKey, diffOptions.cluster.Info.ServerVersion, diffOptions.cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod), liveObjs, app.Spec.Destination.Namespace) items = groupObjsForDiff(resources, localObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace), app.Spec.Destination.Namespace) } else if diffOptions.revision != "" { var unstructureds []*unstructured.Unstructured @@ -1697,8 +1694,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co errors.CheckError(err) argoio.Close(conn) - proj := getProject(c, clientOpts, ctx, app.Spec.Project) - localObjsStrings = getLocalObjectsString(ctx, app, proj.Project, local, localRepoRoot, argoSettings.AppLabelKey, cluster.Info.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod) + localObjsStrings = getLocalObjectsString(ctx, app, local, localRepoRoot, argoSettings.AppLabelKey, cluster.Info.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod) errors.CheckError(err) diffOption.local = local diffOption.localRepoRoot = localRepoRoot @@ -1768,8 +1764,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co foundDiffs := false fmt.Printf("====== Previewing differences between live and desired state of application %s ======\n", appQualifiedName) - proj := getProject(c, clientOpts, ctx, app.Spec.Project) - foundDiffs = findandPrintDiff(ctx, app, proj.Project, resources, argoSettings, diffOption) + foundDiffs = findandPrintDiff(ctx, app, resources, argoSettings, diffOption) if foundDiffs { if !diffChangesConfirm { yesno := cli.AskToProceed(fmt.Sprintf("Please review changes to application %s shown above. Do you want to continue the sync process? (y/n): ", appQualifiedName)) @@ -2381,8 +2376,7 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob cluster, err := clusterIf.Get(context.Background(), &clusterpkg.ClusterQuery{Name: app.Spec.Destination.Name, Server: app.Spec.Destination.Server}) errors.CheckError(err) - proj := getProject(c, clientOpts, ctx, app.Spec.Project) - unstructureds = getLocalObjects(context.Background(), app, proj.Project, local, localRepoRoot, argoSettings.AppLabelKey, cluster.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod) + unstructureds = getLocalObjects(context.Background(), app, local, localRepoRoot, argoSettings.AppLabelKey, cluster.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod) } else if revision != "" { q := application.ApplicationManifestQuery{ Name: &appName, diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 4f08665eb437b..fc7b6617c13b9 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -1,7 +1,6 @@ package commands import ( - "context" "encoding/json" "fmt" "io" @@ -819,7 +818,10 @@ func NewProjectGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command os.Exit(1) } projName := args[0] - detailedProject := getProject(c, clientOpts, ctx, projName) + conn, projIf := headless.NewClientOrDie(clientOpts, c).NewProjectClientOrDie() + defer argoio.Close(conn) + detailedProject, err := projIf.GetDetailedProject(ctx, &projectpkg.ProjectQuery{Name: projName}) + errors.CheckError(err) switch output { case "yaml", "json": @@ -836,14 +838,6 @@ func NewProjectGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command return command } -func getProject(c *cobra.Command, clientOpts *argocdclient.ClientOptions, ctx context.Context, projName string) *projectpkg.DetailedProjectsResponse { - conn, projIf := headless.NewClientOrDie(clientOpts, c).NewProjectClientOrDie() - defer argoio.Close(conn) - detailedProject, err := projIf.GetDetailedProject(ctx, &projectpkg.ProjectQuery{Name: projName}) - errors.CheckError(err) - return detailedProject -} - func NewProjectEditCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var command = &cobra.Command{ Use: "edit PROJECT", diff --git a/controller/state.go b/controller/state.go index 0d28f9e41bf76..a289b0aba963a 100644 --- a/controller/state.go +++ b/controller/state.go @@ -200,8 +200,6 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alp HelmOptions: helmOptions, HasMultipleSources: app.Spec.HasMultipleSources(), RefSources: refSources, - ProjectName: proj.Name, - ProjectSourceRepos: proj.Spec.SourceRepos, }) if err != nil { return nil, nil, err diff --git a/reposerver/apiclient/repository.pb.go b/reposerver/apiclient/repository.pb.go index 4c05248b87e16..3dcacedd00933 100644 --- a/reposerver/apiclient/repository.pb.go +++ b/reposerver/apiclient/repository.pb.go @@ -46,21 +46,17 @@ type ManifestRequest struct { KubeVersion string `protobuf:"bytes,14,opt,name=kubeVersion,proto3" json:"kubeVersion,omitempty"` ApiVersions []string `protobuf:"bytes,15,rep,name=apiVersions,proto3" json:"apiVersions,omitempty"` // Request to verify the signature when generating the manifests (only for Git repositories) - VerifySignature bool `protobuf:"varint,16,opt,name=verifySignature,proto3" json:"verifySignature,omitempty"` - HelmRepoCreds []*v1alpha1.RepoCreds `protobuf:"bytes,17,rep,name=helmRepoCreds,proto3" json:"helmRepoCreds,omitempty"` - NoRevisionCache bool `protobuf:"varint,18,opt,name=noRevisionCache,proto3" json:"noRevisionCache,omitempty"` - TrackingMethod string `protobuf:"bytes,19,opt,name=trackingMethod,proto3" json:"trackingMethod,omitempty"` - EnabledSourceTypes map[string]bool `protobuf:"bytes,20,rep,name=enabledSourceTypes,proto3" json:"enabledSourceTypes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` - HelmOptions *v1alpha1.HelmOptions `protobuf:"bytes,21,opt,name=helmOptions,proto3" json:"helmOptions,omitempty"` - HasMultipleSources bool `protobuf:"varint,22,opt,name=hasMultipleSources,proto3" json:"hasMultipleSources,omitempty"` - RefSources map[string]*v1alpha1.RefTarget `protobuf:"bytes,23,rep,name=refSources,proto3" json:"refSources,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // This is used to surface "source not permitted" errors for Helm repositories - ProjectSourceRepos []string `protobuf:"bytes,24,rep,name=projectSourceRepos,proto3" json:"projectSourceRepos,omitempty"` - // This is used to surface "source not permitted" errors for Helm repositories - ProjectName string `protobuf:"bytes,25,opt,name=projectName,proto3" json:"projectName,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + VerifySignature bool `protobuf:"varint,16,opt,name=verifySignature,proto3" json:"verifySignature,omitempty"` + HelmRepoCreds []*v1alpha1.RepoCreds `protobuf:"bytes,17,rep,name=helmRepoCreds,proto3" json:"helmRepoCreds,omitempty"` + NoRevisionCache bool `protobuf:"varint,18,opt,name=noRevisionCache,proto3" json:"noRevisionCache,omitempty"` + TrackingMethod string `protobuf:"bytes,19,opt,name=trackingMethod,proto3" json:"trackingMethod,omitempty"` + EnabledSourceTypes map[string]bool `protobuf:"bytes,20,rep,name=enabledSourceTypes,proto3" json:"enabledSourceTypes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` + HelmOptions *v1alpha1.HelmOptions `protobuf:"bytes,21,opt,name=helmOptions,proto3" json:"helmOptions,omitempty"` + HasMultipleSources bool `protobuf:"varint,22,opt,name=hasMultipleSources,proto3" json:"hasMultipleSources,omitempty"` + RefSources map[string]*v1alpha1.RefTarget `protobuf:"bytes,23,rep,name=refSources,proto3" json:"refSources,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *ManifestRequest) Reset() { *m = ManifestRequest{} } @@ -236,20 +232,6 @@ func (m *ManifestRequest) GetRefSources() map[string]*v1alpha1.RefTarget { return nil } -func (m *ManifestRequest) GetProjectSourceRepos() []string { - if m != nil { - return m.ProjectSourceRepos - } - return nil -} - -func (m *ManifestRequest) GetProjectName() string { - if m != nil { - return m.ProjectName - } - return "" -} - type ManifestRequestWithFiles struct { // Types that are valid to be assigned to Part: // *ManifestRequestWithFiles_Request @@ -2189,140 +2171,138 @@ func init() { } var fileDescriptor_dd8723cfcc820480 = []byte{ - // 2114 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x5a, 0x5b, 0x6f, 0x1b, 0xc7, - 0x15, 0xe6, 0x92, 0xba, 0x90, 0x47, 0xb2, 0x44, 0x8d, 0x75, 0x59, 0x31, 0x8e, 0xa0, 0x6c, 0x6b, - 0x43, 0xb5, 0x13, 0x12, 0x92, 0x91, 0xb8, 0x70, 0xd2, 0x14, 0x8a, 0x62, 0x4b, 0x8e, 0x2d, 0x5b, - 0x5d, 0xbb, 0x2d, 0xd2, 0xba, 0x2d, 0x86, 0xcb, 0x21, 0xb9, 0xe1, 0x5e, 0xc6, 0xbb, 0xb3, 0x0a, - 0x64, 0xa0, 0x0f, 0x45, 0x8b, 0x02, 0xfd, 0x03, 0x7d, 0xe8, 0xff, 0x28, 0xfa, 0x54, 0xf4, 0xa9, - 0x97, 0xc7, 0xa0, 0x7f, 0xa0, 0x85, 0x1f, 0xfb, 0x2b, 0x8a, 0xb9, 0xec, 0x95, 0x2b, 0xd9, 0x29, - 0x65, 0x19, 0xcd, 0x8b, 0xbd, 0x73, 0xe6, 0xcc, 0x39, 0x67, 0xce, 0x9c, 0xcb, 0x37, 0x43, 0xc1, - 0xb5, 0x80, 0x50, 0x3f, 0x24, 0xc1, 0x31, 0x09, 0x3a, 0xe2, 0xd3, 0x66, 0x7e, 0x70, 0x92, 0xf9, - 0x6c, 0xd3, 0xc0, 0x67, 0x3e, 0x82, 0x94, 0xd2, 0x7a, 0x30, 0xb0, 0xd9, 0x30, 0xea, 0xb6, 0x2d, - 0xdf, 0xed, 0xe0, 0x60, 0xe0, 0xd3, 0xc0, 0xff, 0x42, 0x7c, 0xbc, 0x67, 0xf5, 0x3a, 0xc7, 0x3b, - 0x1d, 0x3a, 0x1a, 0x74, 0x30, 0xb5, 0xc3, 0x0e, 0xa6, 0xd4, 0xb1, 0x2d, 0xcc, 0x6c, 0xdf, 0xeb, - 0x1c, 0x6f, 0x63, 0x87, 0x0e, 0xf1, 0x76, 0x67, 0x40, 0x3c, 0x12, 0x60, 0x46, 0x7a, 0x52, 0x72, - 0xeb, 0xad, 0x81, 0xef, 0x0f, 0x1c, 0xd2, 0x11, 0xa3, 0x6e, 0xd4, 0xef, 0x10, 0x97, 0x32, 0xa5, - 0xd6, 0xf8, 0xcf, 0x3c, 0x2c, 0x1e, 0x62, 0xcf, 0xee, 0x93, 0x90, 0x99, 0xe4, 0x59, 0x44, 0x42, - 0x86, 0x9e, 0xc2, 0x14, 0x37, 0x46, 0xd7, 0x36, 0xb5, 0xad, 0xb9, 0x9d, 0x83, 0x76, 0x6a, 0x4d, - 0x3b, 0xb6, 0x46, 0x7c, 0xfc, 0xc2, 0xea, 0xb5, 0x8f, 0x77, 0xda, 0x74, 0x34, 0x68, 0x73, 0x6b, - 0xda, 0x19, 0x6b, 0xda, 0xb1, 0x35, 0x6d, 0x33, 0xd9, 0x96, 0x29, 0xa4, 0xa2, 0x16, 0xd4, 0x03, - 0x72, 0x6c, 0x87, 0xb6, 0xef, 0xe9, 0xd5, 0x4d, 0x6d, 0xab, 0x61, 0x26, 0x63, 0xa4, 0xc3, 0xac, - 0xe7, 0xef, 0x61, 0x6b, 0x48, 0xf4, 0xda, 0xa6, 0xb6, 0x55, 0x37, 0xe3, 0x21, 0xda, 0x84, 0x39, - 0x4c, 0xe9, 0x03, 0xdc, 0x25, 0xce, 0x7d, 0x72, 0xa2, 0x4f, 0x89, 0x85, 0x59, 0x12, 0x5f, 0x8b, - 0x29, 0x7d, 0x88, 0x5d, 0xa2, 0x4f, 0x8b, 0xd9, 0x78, 0x88, 0xae, 0x40, 0xc3, 0xc3, 0x2e, 0x09, - 0x29, 0xb6, 0x88, 0x5e, 0x17, 0x73, 0x29, 0x01, 0xfd, 0x12, 0x96, 0x32, 0x86, 0x3f, 0xf6, 0xa3, - 0xc0, 0x22, 0x3a, 0x88, 0xad, 0x3f, 0x9a, 0x6c, 0xeb, 0xbb, 0x45, 0xb1, 0xe6, 0xb8, 0x26, 0xf4, - 0x73, 0x98, 0x16, 0x27, 0xaf, 0xcf, 0x6d, 0xd6, 0xce, 0xd5, 0xdb, 0x52, 0x2c, 0xf2, 0x60, 0x96, - 0x3a, 0xd1, 0xc0, 0xf6, 0x42, 0x7d, 0x5e, 0x68, 0x78, 0x32, 0x99, 0x86, 0x3d, 0xdf, 0xeb, 0xdb, - 0x83, 0x43, 0xec, 0xe1, 0x01, 0x71, 0x89, 0xc7, 0x8e, 0x84, 0x70, 0x33, 0x56, 0x82, 0x9e, 0x43, - 0x73, 0x14, 0x85, 0xcc, 0x77, 0xed, 0xe7, 0xe4, 0x11, 0xe5, 0x6b, 0x43, 0xfd, 0x92, 0xf0, 0xe6, - 0xc3, 0xc9, 0x14, 0xdf, 0x2f, 0x48, 0x35, 0xc7, 0xf4, 0xf0, 0x20, 0x19, 0x45, 0x5d, 0xf2, 0x23, - 0x12, 0x88, 0xe8, 0x5a, 0x90, 0x41, 0x92, 0x21, 0xc9, 0x30, 0xb2, 0xd5, 0x28, 0xd4, 0x17, 0x37, - 0x6b, 0x32, 0x8c, 0x12, 0x12, 0xda, 0x82, 0xc5, 0x63, 0x12, 0xd8, 0xfd, 0x93, 0xc7, 0xf6, 0xc0, - 0xc3, 0x2c, 0x0a, 0x88, 0xde, 0x14, 0xa1, 0x58, 0x24, 0x23, 0x17, 0x2e, 0x0d, 0x89, 0xe3, 0x72, - 0x97, 0xef, 0x05, 0xa4, 0x17, 0xea, 0x4b, 0xc2, 0xbf, 0xfb, 0x93, 0x9f, 0xa0, 0x10, 0x67, 0xe6, - 0xa5, 0x73, 0xc3, 0x3c, 0xdf, 0x54, 0x99, 0x22, 0x73, 0x04, 0x49, 0xc3, 0x0a, 0x64, 0x74, 0x0d, - 0x16, 0x58, 0x80, 0xad, 0x91, 0xed, 0x0d, 0x0e, 0x09, 0x1b, 0xfa, 0x3d, 0xfd, 0xb2, 0xf0, 0x44, - 0x81, 0x8a, 0x2c, 0x40, 0xc4, 0xc3, 0x5d, 0x87, 0xf4, 0x64, 0x2c, 0x3e, 0x39, 0xa1, 0x24, 0xd4, - 0x97, 0xc5, 0x2e, 0x6e, 0xb6, 0x33, 0x15, 0xaa, 0x50, 0x20, 0xda, 0x77, 0xc6, 0x56, 0xdd, 0xf1, - 0x58, 0x70, 0x62, 0x96, 0x88, 0x43, 0x23, 0x98, 0xe3, 0xfb, 0x88, 0x43, 0x61, 0x45, 0x84, 0xc2, - 0xbd, 0xc9, 0x7c, 0x74, 0x90, 0x0a, 0x34, 0xb3, 0xd2, 0x51, 0x1b, 0xd0, 0x10, 0x87, 0x87, 0x91, - 0xc3, 0x6c, 0xea, 0x10, 0x69, 0x46, 0xa8, 0xaf, 0x0a, 0x37, 0x95, 0xcc, 0xa0, 0xfb, 0x00, 0x01, - 0xe9, 0xc7, 0x7c, 0x6b, 0x62, 0xe7, 0x37, 0xce, 0xda, 0xb9, 0x99, 0x70, 0xcb, 0x1d, 0x67, 0x96, - 0x73, 0xe5, 0x7c, 0x1b, 0xc4, 0x62, 0x2a, 0xdb, 0x45, 0x5a, 0xeb, 0x22, 0xc4, 0x4a, 0x66, 0x78, - 0x2c, 0x2a, 0xaa, 0x28, 0x5a, 0xeb, 0x32, 0x5a, 0x33, 0xa4, 0xd6, 0x1d, 0x58, 0x3b, 0xc5, 0xd5, - 0xa8, 0x09, 0xb5, 0x11, 0x39, 0x11, 0x25, 0xba, 0x61, 0xf2, 0x4f, 0xb4, 0x0c, 0xd3, 0xc7, 0xd8, - 0x89, 0x88, 0x28, 0xaa, 0x75, 0x53, 0x0e, 0x6e, 0x57, 0xbf, 0xab, 0xb5, 0x7e, 0xab, 0xc1, 0x62, - 0xc1, 0xf0, 0x92, 0xf5, 0x3f, 0xcb, 0xae, 0x3f, 0x87, 0x30, 0xee, 0x3f, 0xc1, 0xc1, 0x80, 0xb0, - 0x8c, 0x21, 0xc6, 0x3f, 0x35, 0xd0, 0x0b, 0x1e, 0xfd, 0xb1, 0xcd, 0x86, 0x77, 0x6d, 0x87, 0x84, - 0xe8, 0x16, 0xcc, 0x06, 0x92, 0xa6, 0x1a, 0xcf, 0x5b, 0x67, 0x1c, 0xc4, 0x41, 0xc5, 0x8c, 0xb9, - 0xd1, 0xc7, 0x50, 0x77, 0x09, 0xc3, 0x3d, 0xcc, 0xb0, 0xb2, 0x7d, 0xb3, 0x6c, 0x25, 0xd7, 0x72, - 0xa8, 0xf8, 0x0e, 0x2a, 0x66, 0xb2, 0x06, 0xbd, 0x0f, 0xd3, 0xd6, 0x30, 0xf2, 0x46, 0xa2, 0xe5, - 0xcc, 0xed, 0xbc, 0x7d, 0xda, 0xe2, 0x3d, 0xce, 0x74, 0x50, 0x31, 0x25, 0xf7, 0x27, 0x33, 0x30, - 0x45, 0x71, 0xc0, 0x8c, 0xbb, 0xb0, 0x5c, 0xa6, 0x82, 0xf7, 0x39, 0x6b, 0x48, 0xac, 0x51, 0x18, - 0xb9, 0xca, 0xcd, 0xc9, 0x18, 0x21, 0x98, 0x0a, 0xed, 0xe7, 0xd2, 0xd5, 0x35, 0x53, 0x7c, 0x1b, - 0xdf, 0x81, 0xa5, 0x31, 0x6d, 0xfc, 0x50, 0xa5, 0x6d, 0x5c, 0xc2, 0xbc, 0x52, 0x6d, 0x44, 0xb0, - 0xf2, 0x44, 0xf8, 0x22, 0x29, 0xf6, 0x17, 0xd1, 0xb9, 0x8d, 0x03, 0x58, 0x2d, 0xaa, 0x0d, 0xa9, - 0xef, 0x85, 0x84, 0x87, 0xbe, 0xa8, 0x8e, 0x36, 0xe9, 0xa5, 0xb3, 0xc2, 0x8a, 0xba, 0x59, 0x32, - 0x63, 0xfc, 0xaa, 0x0a, 0xab, 0x26, 0x09, 0x7d, 0xe7, 0x98, 0xc4, 0xa5, 0xeb, 0x62, 0xc0, 0xc7, - 0x4f, 0xa1, 0x86, 0x29, 0x55, 0x61, 0x72, 0xef, 0xdc, 0xda, 0xbb, 0xc9, 0xa5, 0xa2, 0x77, 0x61, - 0x09, 0xbb, 0x5d, 0x7b, 0x10, 0xf9, 0x51, 0x18, 0x6f, 0x4b, 0x04, 0x55, 0xc3, 0x1c, 0x9f, 0x30, - 0x2c, 0x58, 0x1b, 0x73, 0x81, 0x72, 0x67, 0x16, 0x22, 0x69, 0x05, 0x88, 0x54, 0xaa, 0xa4, 0x7a, - 0x9a, 0x92, 0xbf, 0x69, 0xd0, 0x4c, 0x53, 0x47, 0x89, 0xbf, 0x02, 0x0d, 0x57, 0xd1, 0x42, 0x5d, - 0x13, 0xf5, 0x29, 0x25, 0xe4, 0xd1, 0x52, 0xb5, 0x88, 0x96, 0x56, 0x61, 0x46, 0x82, 0x59, 0xb5, - 0x31, 0x35, 0xca, 0x99, 0x3c, 0x55, 0x30, 0x79, 0x03, 0x20, 0x4c, 0xea, 0x97, 0x3e, 0x23, 0x66, - 0x33, 0x14, 0x64, 0xc0, 0xbc, 0xec, 0xad, 0x26, 0x09, 0x23, 0x87, 0xe9, 0xb3, 0x82, 0x23, 0x47, - 0x33, 0x7c, 0x58, 0x7c, 0x60, 0xf3, 0x3d, 0xf4, 0xc3, 0x8b, 0x09, 0xf6, 0x0f, 0x60, 0x8a, 0x2b, - 0xe3, 0x1b, 0xeb, 0x06, 0xd8, 0xb3, 0x86, 0x24, 0xf6, 0x55, 0x32, 0xe6, 0x69, 0xcc, 0xf0, 0x20, - 0xd4, 0xab, 0x82, 0x2e, 0xbe, 0x8d, 0x3f, 0x55, 0xa5, 0xa5, 0xbb, 0x94, 0x86, 0x6f, 0x1e, 0x50, - 0x97, 0xb7, 0xf8, 0xda, 0x78, 0x8b, 0x2f, 0x98, 0xfc, 0x75, 0x5a, 0xfc, 0x39, 0xb5, 0x29, 0x23, - 0x82, 0xd9, 0x5d, 0x4a, 0xb9, 0x21, 0x68, 0x1b, 0xa6, 0x30, 0xa5, 0xd2, 0xe1, 0x85, 0x8a, 0xac, - 0x58, 0xf8, 0xff, 0xca, 0x24, 0xc1, 0xda, 0xba, 0x05, 0x8d, 0x84, 0xf4, 0x32, 0xb5, 0x8d, 0xac, - 0xda, 0x4d, 0x00, 0x89, 0x61, 0xef, 0x79, 0x7d, 0x9f, 0x1f, 0x29, 0x0f, 0x76, 0xb5, 0x54, 0x7c, - 0x1b, 0xb7, 0x63, 0x0e, 0x61, 0xdb, 0xbb, 0x30, 0x6d, 0x33, 0xe2, 0xc6, 0xc6, 0xad, 0x66, 0x8d, - 0x4b, 0x05, 0x99, 0x92, 0xc9, 0xf8, 0x7b, 0x1d, 0xd6, 0xf9, 0x89, 0x3d, 0x16, 0x69, 0xb2, 0x4b, - 0xe9, 0xa7, 0x84, 0x61, 0xdb, 0x09, 0x7f, 0x10, 0x91, 0xe0, 0xe4, 0x35, 0x07, 0xc6, 0x00, 0x66, - 0x64, 0x96, 0xa9, 0x7a, 0x77, 0xee, 0xd7, 0x19, 0x25, 0x3e, 0xbd, 0xc3, 0xd4, 0x5e, 0xcf, 0x1d, - 0xa6, 0xec, 0x4e, 0x31, 0x75, 0x41, 0x77, 0x8a, 0xd3, 0xaf, 0x95, 0x99, 0xcb, 0xea, 0x4c, 0xfe, - 0xb2, 0x5a, 0x02, 0xd5, 0x67, 0x5f, 0x15, 0xaa, 0xd7, 0x4b, 0xa1, 0xba, 0x5b, 0x9a, 0xc7, 0x0d, - 0xe1, 0xee, 0xef, 0x65, 0x23, 0xf0, 0xd4, 0x58, 0x9b, 0x04, 0xb4, 0xc3, 0x6b, 0x05, 0xed, 0x3f, - 0xcc, 0x81, 0x70, 0x79, 0x0d, 0x7e, 0xff, 0xd5, 0xf6, 0x74, 0x06, 0x1c, 0xff, 0xc6, 0x81, 0xe7, - 0xdf, 0x08, 0xcc, 0x44, 0xfd, 0xd4, 0x07, 0x49, 0x43, 0xe7, 0x7d, 0x88, 0xb7, 0x56, 0x55, 0xb4, - 0xf8, 0x37, 0xba, 0x01, 0x53, 0xdc, 0xc9, 0x0a, 0xd4, 0xae, 0x65, 0xfd, 0xc9, 0x4f, 0x62, 0x97, - 0xd2, 0xc7, 0x94, 0x58, 0xa6, 0x60, 0x42, 0xb7, 0xa1, 0x91, 0x04, 0xbe, 0xca, 0xac, 0x2b, 0xd9, - 0x15, 0x49, 0x9e, 0xc4, 0xcb, 0x52, 0x76, 0xbe, 0xb6, 0x67, 0x07, 0xc4, 0x12, 0x90, 0x6f, 0x7a, - 0x7c, 0xed, 0xa7, 0xf1, 0x64, 0xb2, 0x36, 0x61, 0x47, 0xdb, 0x30, 0x23, 0xdf, 0x0d, 0x44, 0x06, - 0xcd, 0xed, 0xac, 0x8f, 0x17, 0xd3, 0x78, 0x95, 0x62, 0x34, 0xfe, 0xaa, 0xc1, 0x3b, 0x69, 0x40, - 0xc4, 0xd9, 0x14, 0xa3, 0xee, 0x37, 0xdf, 0x71, 0xaf, 0xc1, 0x82, 0x80, 0xf9, 0xe9, 0xf3, 0x81, - 0x7c, 0xc9, 0x2a, 0x50, 0x8d, 0x3f, 0x6a, 0x70, 0x75, 0x7c, 0x1f, 0x7b, 0x43, 0x1c, 0xb0, 0xe4, - 0x78, 0x2f, 0x62, 0x2f, 0x71, 0xc3, 0xab, 0xa6, 0x0d, 0x2f, 0xb7, 0xbf, 0x5a, 0x7e, 0x7f, 0xc6, - 0x5f, 0xaa, 0x30, 0x97, 0x09, 0xa0, 0xb2, 0x86, 0xc9, 0x01, 0x9f, 0x88, 0x5b, 0x71, 0xb1, 0x13, - 0x4d, 0xa1, 0x61, 0x66, 0x28, 0x68, 0x04, 0x40, 0x71, 0x80, 0x5d, 0xc2, 0x48, 0xc0, 0x2b, 0x39, - 0xcf, 0xf8, 0xfb, 0x93, 0x57, 0x97, 0xa3, 0x58, 0xa6, 0x99, 0x11, 0xcf, 0x11, 0xab, 0x50, 0x1d, - 0xaa, 0xfa, 0xad, 0x46, 0xe8, 0x4b, 0x58, 0xe8, 0xdb, 0x0e, 0x39, 0x4a, 0x0d, 0x99, 0x11, 0x86, - 0x3c, 0x9a, 0xdc, 0x90, 0xbb, 0x59, 0xb9, 0x66, 0x41, 0x8d, 0x71, 0x1d, 0x9a, 0xc5, 0x7c, 0xe2, - 0x46, 0xda, 0x2e, 0x1e, 0x24, 0xde, 0x52, 0x23, 0x03, 0x41, 0xb3, 0x98, 0x3f, 0xc6, 0xbf, 0xaa, - 0xb0, 0x92, 0x88, 0xdb, 0xf5, 0x3c, 0x3f, 0xf2, 0x2c, 0xf1, 0x14, 0x57, 0x7a, 0x16, 0xcb, 0x30, - 0xcd, 0x6c, 0xe6, 0x24, 0xc0, 0x47, 0x0c, 0x78, 0xef, 0x62, 0xbe, 0xef, 0x30, 0x9b, 0xaa, 0x03, - 0x8e, 0x87, 0xf2, 0xec, 0x9f, 0x45, 0x76, 0x40, 0x7a, 0xa2, 0x12, 0xd4, 0xcd, 0x64, 0xcc, 0xe7, - 0x38, 0xaa, 0x11, 0x30, 0x5e, 0x3a, 0x33, 0x19, 0x8b, 0xb8, 0xf7, 0x1d, 0x87, 0x58, 0xdc, 0x1d, - 0x19, 0xa0, 0x5f, 0xa0, 0x8a, 0x0b, 0x04, 0x0b, 0x6c, 0x6f, 0xa0, 0x60, 0xbe, 0x1a, 0x71, 0x3b, - 0x71, 0x10, 0xe0, 0x13, 0xbd, 0x2e, 0x1c, 0x20, 0x07, 0xe8, 0x23, 0xa8, 0xb9, 0x98, 0xaa, 0x46, - 0x77, 0x3d, 0x57, 0x1d, 0xca, 0x3c, 0xd0, 0x3e, 0xc4, 0x54, 0x76, 0x02, 0xbe, 0xac, 0xf5, 0x01, - 0xd4, 0x63, 0xc2, 0xd7, 0x82, 0x84, 0x5f, 0xc0, 0xa5, 0x5c, 0xf1, 0x41, 0x9f, 0xc3, 0x6a, 0x1a, - 0x51, 0x59, 0x85, 0x0a, 0x04, 0xbe, 0xf3, 0x52, 0xcb, 0xcc, 0x53, 0x04, 0x18, 0xcf, 0x60, 0x89, - 0x87, 0x8c, 0x48, 0xfc, 0x0b, 0xba, 0xda, 0x7c, 0x08, 0x8d, 0x44, 0x65, 0x69, 0xcc, 0xb4, 0xa0, - 0x7e, 0x1c, 0x3f, 0x91, 0xca, 0xbb, 0x4d, 0x32, 0x36, 0x76, 0x01, 0x65, 0xed, 0x55, 0x1d, 0xe8, - 0x46, 0x1e, 0x14, 0xaf, 0x14, 0xdb, 0x8d, 0x60, 0x8f, 0x31, 0xf1, 0xef, 0xaa, 0xb0, 0xb8, 0x6f, - 0x8b, 0x57, 0x8e, 0x0b, 0x2a, 0x72, 0xd7, 0xa1, 0x19, 0x46, 0x5d, 0xd7, 0xef, 0x45, 0x0e, 0x51, - 0xa0, 0x40, 0x75, 0xfa, 0x31, 0xfa, 0x59, 0xc5, 0x8f, 0x3b, 0x8b, 0x62, 0x36, 0x54, 0x37, 0x5c, - 0xf1, 0x8d, 0x3e, 0x82, 0xf5, 0x87, 0xe4, 0x4b, 0xb5, 0x9f, 0x7d, 0xc7, 0xef, 0x76, 0x6d, 0x6f, - 0x10, 0x2b, 0x99, 0x16, 0x4a, 0x4e, 0x67, 0x30, 0x7e, 0xad, 0x41, 0x33, 0xf5, 0x85, 0xf2, 0xe6, - 0x2d, 0x19, 0xf5, 0xd2, 0x97, 0x57, 0xb3, 0xbe, 0x2c, 0xb2, 0xfe, 0xef, 0x01, 0x3f, 0x9f, 0x0d, - 0xf8, 0x3f, 0x6b, 0xb0, 0xb2, 0x6f, 0xb3, 0xb8, 0xd4, 0xd8, 0xff, 0x67, 0xe7, 0x62, 0xb4, 0x61, - 0xb5, 0x68, 0xbe, 0x72, 0xe5, 0x32, 0x4c, 0xf3, 0x53, 0x8a, 0xef, 0xee, 0x72, 0xb0, 0xf3, 0x55, - 0x03, 0x96, 0xd2, 0xe6, 0xcb, 0xff, 0xb5, 0x2d, 0x82, 0x1e, 0x41, 0x73, 0x5f, 0xfd, 0x76, 0x16, - 0xbf, 0x99, 0xa0, 0xb3, 0x1e, 0x21, 0x5b, 0x57, 0xca, 0x27, 0xa5, 0x6a, 0xa3, 0x82, 0x2c, 0x58, - 0x2f, 0x0a, 0x4c, 0xdf, 0x3b, 0xbf, 0x7d, 0x86, 0xe4, 0x84, 0xeb, 0x65, 0x2a, 0xb6, 0x34, 0xf4, - 0x39, 0x2c, 0xe4, 0x5f, 0xe5, 0x50, 0xae, 0x1a, 0x95, 0x3e, 0x14, 0xb6, 0x8c, 0xb3, 0x58, 0x12, - 0xfb, 0x9f, 0x72, 0xe8, 0x9b, 0x7b, 0xa2, 0x42, 0x46, 0x1e, 0x98, 0x97, 0x3d, 0xe1, 0xb5, 0xbe, - 0x75, 0x26, 0x4f, 0x22, 0xfd, 0x43, 0xa8, 0xc7, 0x4f, 0x3a, 0x79, 0x37, 0x17, 0x1e, 0x7a, 0x5a, - 0xcd, 0xbc, 0xbc, 0x7e, 0x68, 0x54, 0xd0, 0xc7, 0x72, 0x31, 0xbf, 0xf2, 0x8f, 0x2f, 0xce, 0x3c, - 0x64, 0xb4, 0x2e, 0x97, 0x3c, 0x1e, 0x18, 0x15, 0xf4, 0x7d, 0x98, 0xe3, 0x5f, 0x47, 0xea, 0x57, - 0xab, 0xd5, 0xb6, 0xfc, 0x91, 0xb4, 0x1d, 0xff, 0x48, 0xda, 0xbe, 0xe3, 0x52, 0x76, 0xd2, 0x2a, - 0xb9, 0xdd, 0x2b, 0x01, 0x4f, 0xe1, 0xd2, 0x3e, 0x61, 0x29, 0x18, 0x47, 0x57, 0x5f, 0xe9, 0xca, - 0xd2, 0x32, 0x8a, 0x6c, 0xe3, 0x78, 0xde, 0xa8, 0xa0, 0xdf, 0x6b, 0x70, 0x79, 0x9f, 0xb0, 0x22, - 0xbc, 0x45, 0xef, 0x95, 0x2b, 0x39, 0x05, 0x06, 0xb7, 0x1e, 0x4e, 0x9a, 0xaf, 0x79, 0xb1, 0x46, - 0x05, 0xfd, 0x41, 0x83, 0xb5, 0x8c, 0x61, 0x59, 0xbc, 0x8a, 0xb6, 0xcf, 0x36, 0xae, 0x04, 0xdb, - 0xb6, 0x3e, 0x9b, 0xf0, 0xc7, 0xc8, 0x8c, 0x48, 0xa3, 0x82, 0x8e, 0xc4, 0x99, 0xa4, 0xed, 0x09, - 0xbd, 0x5d, 0xda, 0x87, 0x12, 0xed, 0x1b, 0xa7, 0x4d, 0x27, 0xe7, 0xf0, 0x19, 0xcc, 0xed, 0x13, - 0x16, 0x57, 0xdd, 0x7c, 0xa4, 0x15, 0x5a, 0x58, 0x3e, 0x55, 0x8b, 0x85, 0x5a, 0x44, 0xcc, 0x92, - 0x94, 0x95, 0xa9, 0x53, 0xf9, 0x5c, 0x2d, 0x2d, 0xc1, 0xf9, 0x88, 0x29, 0x2f, 0x73, 0x46, 0xe5, - 0x93, 0xdd, 0x7f, 0xbc, 0xd8, 0xd0, 0xbe, 0x7a, 0xb1, 0xa1, 0xfd, 0xfb, 0xc5, 0x86, 0xf6, 0x93, - 0x9b, 0x2f, 0xf9, 0x0b, 0x82, 0xcc, 0x1f, 0x25, 0x60, 0x6a, 0x5b, 0x8e, 0x4d, 0x3c, 0xd6, 0x9d, - 0x11, 0xc1, 0x7f, 0xf3, 0xbf, 0x01, 0x00, 0x00, 0xff, 0xff, 0xf8, 0x86, 0xe4, 0x0d, 0xb3, 0x20, - 0x00, 0x00, + // 2085 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe4, 0x5a, 0x5b, 0x6f, 0x1b, 0xc7, + 0xf5, 0xe7, 0x92, 0xba, 0x90, 0x47, 0xb6, 0x45, 0x8d, 0x75, 0x59, 0x33, 0x8e, 0xa0, 0xec, 0xff, + 0x6f, 0x43, 0xb5, 0x13, 0x12, 0x92, 0x91, 0xb8, 0x70, 0xd2, 0x14, 0x8a, 0x62, 0x4b, 0x8e, 0x2d, + 0x5b, 0x5d, 0xbb, 0x2d, 0xd2, 0xba, 0x2d, 0x86, 0xcb, 0xe1, 0x72, 0xc2, 0xbd, 0x8c, 0x77, 0x67, + 0x15, 0xc8, 0x40, 0x1f, 0x8a, 0x16, 0x05, 0xfa, 0x05, 0x8a, 0xa2, 0xdf, 0xa3, 0xe8, 0x53, 0xd1, + 0xa7, 0x5e, 0x1e, 0x83, 0x7e, 0x81, 0x16, 0xfe, 0x24, 0xc5, 0xcc, 0xce, 0x5e, 0xb9, 0x92, 0x9d, + 0x52, 0x56, 0x50, 0xf4, 0xc5, 0xde, 0x99, 0x39, 0xb7, 0x39, 0x73, 0xe6, 0x9c, 0xdf, 0x19, 0x0a, + 0xae, 0x07, 0x84, 0xf9, 0x21, 0x09, 0x8e, 0x48, 0xd0, 0x93, 0x9f, 0x94, 0xfb, 0xc1, 0x71, 0xee, + 0xb3, 0xcb, 0x02, 0x9f, 0xfb, 0x08, 0xb2, 0x99, 0xce, 0x43, 0x9b, 0xf2, 0x51, 0xd4, 0xef, 0x5a, + 0xbe, 0xdb, 0xc3, 0x81, 0xed, 0xb3, 0xc0, 0xff, 0x42, 0x7e, 0xbc, 0x67, 0x0d, 0x7a, 0x47, 0xdb, + 0x3d, 0x36, 0xb6, 0x7b, 0x98, 0xd1, 0xb0, 0x87, 0x19, 0x73, 0xa8, 0x85, 0x39, 0xf5, 0xbd, 0xde, + 0xd1, 0x16, 0x76, 0xd8, 0x08, 0x6f, 0xf5, 0x6c, 0xe2, 0x91, 0x00, 0x73, 0x32, 0x88, 0x25, 0x77, + 0xde, 0xb2, 0x7d, 0xdf, 0x76, 0x48, 0x4f, 0x8e, 0xfa, 0xd1, 0xb0, 0x47, 0x5c, 0xc6, 0x95, 0x5a, + 0xe3, 0x77, 0x17, 0x60, 0xf1, 0x00, 0x7b, 0x74, 0x48, 0x42, 0x6e, 0x92, 0xe7, 0x11, 0x09, 0x39, + 0x7a, 0x06, 0x33, 0xc2, 0x18, 0x5d, 0xdb, 0xd0, 0x36, 0x17, 0xb6, 0xf7, 0xbb, 0x99, 0x35, 0xdd, + 0xc4, 0x1a, 0xf9, 0xf1, 0x33, 0x6b, 0xd0, 0x3d, 0xda, 0xee, 0xb2, 0xb1, 0xdd, 0x15, 0xd6, 0x74, + 0x73, 0xd6, 0x74, 0x13, 0x6b, 0xba, 0x66, 0xba, 0x2d, 0x53, 0x4a, 0x45, 0x1d, 0x68, 0x06, 0xe4, + 0x88, 0x86, 0xd4, 0xf7, 0xf4, 0xfa, 0x86, 0xb6, 0xd9, 0x32, 0xd3, 0x31, 0xd2, 0x61, 0xde, 0xf3, + 0x77, 0xb1, 0x35, 0x22, 0x7a, 0x63, 0x43, 0xdb, 0x6c, 0x9a, 0xc9, 0x10, 0x6d, 0xc0, 0x02, 0x66, + 0xec, 0x21, 0xee, 0x13, 0xe7, 0x01, 0x39, 0xd6, 0x67, 0x24, 0x63, 0x7e, 0x4a, 0xf0, 0x62, 0xc6, + 0x1e, 0x61, 0x97, 0xe8, 0xb3, 0x72, 0x35, 0x19, 0xa2, 0xab, 0xd0, 0xf2, 0xb0, 0x4b, 0x42, 0x86, + 0x2d, 0xa2, 0x37, 0xe5, 0x5a, 0x36, 0x81, 0x7e, 0x0e, 0x4b, 0x39, 0xc3, 0x9f, 0xf8, 0x51, 0x60, + 0x11, 0x1d, 0xe4, 0xd6, 0x1f, 0x4f, 0xb7, 0xf5, 0x9d, 0xb2, 0x58, 0x73, 0x52, 0x13, 0xfa, 0x29, + 0xcc, 0xca, 0x93, 0xd7, 0x17, 0x36, 0x1a, 0x67, 0xea, 0xed, 0x58, 0x2c, 0xf2, 0x60, 0x9e, 0x39, + 0x91, 0x4d, 0xbd, 0x50, 0xbf, 0x20, 0x35, 0x3c, 0x9d, 0x4e, 0xc3, 0xae, 0xef, 0x0d, 0xa9, 0x7d, + 0x80, 0x3d, 0x6c, 0x13, 0x97, 0x78, 0xfc, 0x50, 0x0a, 0x37, 0x13, 0x25, 0xe8, 0x05, 0xb4, 0xc7, + 0x51, 0xc8, 0x7d, 0x97, 0xbe, 0x20, 0x8f, 0x99, 0xe0, 0x0d, 0xf5, 0x8b, 0xd2, 0x9b, 0x8f, 0xa6, + 0x53, 0xfc, 0xa0, 0x24, 0xd5, 0x9c, 0xd0, 0x23, 0x82, 0x64, 0x1c, 0xf5, 0xc9, 0x0f, 0x48, 0x20, + 0xa3, 0xeb, 0x52, 0x1c, 0x24, 0xb9, 0xa9, 0x38, 0x8c, 0xa8, 0x1a, 0x85, 0xfa, 0xe2, 0x46, 0x23, + 0x0e, 0xa3, 0x74, 0x0a, 0x6d, 0xc2, 0xe2, 0x11, 0x09, 0xe8, 0xf0, 0xf8, 0x09, 0xb5, 0x3d, 0xcc, + 0xa3, 0x80, 0xe8, 0x6d, 0x19, 0x8a, 0xe5, 0x69, 0xe4, 0xc2, 0xc5, 0x11, 0x71, 0x5c, 0xe1, 0xf2, + 0xdd, 0x80, 0x0c, 0x42, 0x7d, 0x49, 0xfa, 0x77, 0x6f, 0xfa, 0x13, 0x94, 0xe2, 0xcc, 0xa2, 0x74, + 0x61, 0x98, 0xe7, 0x9b, 0xea, 0xa6, 0xc4, 0x77, 0x04, 0xc5, 0x86, 0x95, 0xa6, 0xd1, 0x75, 0xb8, + 0xc4, 0x03, 0x6c, 0x8d, 0xa9, 0x67, 0x1f, 0x10, 0x3e, 0xf2, 0x07, 0xfa, 0x65, 0xe9, 0x89, 0xd2, + 0x2c, 0xb2, 0x00, 0x11, 0x0f, 0xf7, 0x1d, 0x32, 0x88, 0x63, 0xf1, 0xe9, 0x31, 0x23, 0xa1, 0xbe, + 0x2c, 0x77, 0x71, 0xab, 0x9b, 0xcb, 0x50, 0xa5, 0x04, 0xd1, 0xbd, 0x3b, 0xc1, 0x75, 0xd7, 0xe3, + 0xc1, 0xb1, 0x59, 0x21, 0x0e, 0x8d, 0x61, 0x41, 0xec, 0x23, 0x09, 0x85, 0x15, 0x19, 0x0a, 0xf7, + 0xa7, 0xf3, 0xd1, 0x7e, 0x26, 0xd0, 0xcc, 0x4b, 0x47, 0x5d, 0x40, 0x23, 0x1c, 0x1e, 0x44, 0x0e, + 0xa7, 0xcc, 0x21, 0xb1, 0x19, 0xa1, 0xbe, 0x2a, 0xdd, 0x54, 0xb1, 0x82, 0x1e, 0x00, 0x04, 0x64, + 0x98, 0xd0, 0xad, 0xc9, 0x9d, 0xdf, 0x3c, 0x6d, 0xe7, 0x66, 0x4a, 0x1d, 0xef, 0x38, 0xc7, 0xde, + 0xb9, 0x0b, 0x6b, 0x27, 0x38, 0x06, 0xb5, 0xa1, 0x31, 0x26, 0xc7, 0x32, 0xa1, 0xb6, 0x4c, 0xf1, + 0x89, 0x96, 0x61, 0xf6, 0x08, 0x3b, 0x11, 0x91, 0x29, 0xb0, 0x69, 0xc6, 0x83, 0x3b, 0xf5, 0x6f, + 0x6b, 0x9d, 0x5f, 0x6b, 0xb0, 0x58, 0x52, 0x53, 0xc1, 0xff, 0x93, 0x3c, 0xff, 0x19, 0x04, 0xdd, + 0xf0, 0x29, 0x0e, 0x6c, 0xc2, 0x73, 0x86, 0x18, 0xff, 0xd0, 0x40, 0x2f, 0xed, 0xff, 0x87, 0x94, + 0x8f, 0xee, 0x51, 0x87, 0x84, 0xe8, 0x36, 0xcc, 0x07, 0xf1, 0x9c, 0x2a, 0x13, 0x6f, 0x9d, 0xe2, + 0xb6, 0xfd, 0x9a, 0x99, 0x50, 0xa3, 0x8f, 0xa1, 0xe9, 0x12, 0x8e, 0x07, 0x98, 0x63, 0x65, 0xfb, + 0x46, 0x15, 0xa7, 0xd0, 0x72, 0xa0, 0xe8, 0xf6, 0x6b, 0x66, 0xca, 0x83, 0xde, 0x87, 0x59, 0x6b, + 0x14, 0x79, 0x63, 0x59, 0x20, 0x16, 0xb6, 0xdf, 0x3e, 0x89, 0x79, 0x57, 0x10, 0xed, 0xd7, 0xcc, + 0x98, 0xfa, 0x93, 0x39, 0x98, 0x61, 0x38, 0xe0, 0xc6, 0x3d, 0x58, 0xae, 0x52, 0x21, 0xaa, 0x92, + 0x35, 0x22, 0xd6, 0x38, 0x8c, 0x5c, 0xe5, 0xe6, 0x74, 0x8c, 0x10, 0xcc, 0x84, 0xf4, 0x45, 0xec, + 0xea, 0x86, 0x29, 0xbf, 0x8d, 0x6f, 0xc1, 0xd2, 0x84, 0x36, 0x71, 0xa8, 0xb1, 0x6d, 0x42, 0xc2, + 0x05, 0xa5, 0xda, 0x88, 0x60, 0xe5, 0xa9, 0xf4, 0x45, 0x9a, 0x9a, 0xcf, 0xa3, 0xce, 0x1a, 0xfb, + 0xb0, 0x5a, 0x56, 0x1b, 0x32, 0xdf, 0x0b, 0x89, 0xb8, 0x25, 0x32, 0x97, 0x51, 0x32, 0xc8, 0x56, + 0xa5, 0x15, 0x4d, 0xb3, 0x62, 0xc5, 0xf8, 0x45, 0x1d, 0x56, 0x4d, 0x12, 0xfa, 0xce, 0x11, 0x49, + 0x12, 0xcd, 0xf9, 0x40, 0x85, 0x1f, 0x43, 0x03, 0x33, 0xa6, 0xc2, 0xe4, 0xfe, 0x99, 0x15, 0x63, + 0x53, 0x48, 0x45, 0xef, 0xc2, 0x12, 0x76, 0xfb, 0xd4, 0x8e, 0xfc, 0x28, 0x4c, 0xb6, 0x25, 0x83, + 0xaa, 0x65, 0x4e, 0x2e, 0x18, 0x16, 0xac, 0x4d, 0xb8, 0x40, 0xb9, 0x33, 0x0f, 0x68, 0xb4, 0x12, + 0xa0, 0xa9, 0x54, 0x52, 0x3f, 0x49, 0xc9, 0x5f, 0x35, 0x68, 0x67, 0x57, 0x47, 0x89, 0xbf, 0x0a, + 0x2d, 0x57, 0xcd, 0x85, 0xba, 0x26, 0x0b, 0x56, 0x36, 0x51, 0xc4, 0x36, 0xf5, 0x32, 0xb6, 0x59, + 0x85, 0xb9, 0x18, 0x7a, 0xaa, 0x8d, 0xa9, 0x51, 0xc1, 0xe4, 0x99, 0x92, 0xc9, 0xeb, 0x00, 0x61, + 0x9a, 0xbf, 0xf4, 0x39, 0xb9, 0x9a, 0x9b, 0x41, 0x06, 0x5c, 0x88, 0x2b, 0xa1, 0x49, 0xc2, 0xc8, + 0xe1, 0xfa, 0xbc, 0xa4, 0x28, 0xcc, 0x19, 0x3e, 0x2c, 0x3e, 0xa4, 0x62, 0x0f, 0xc3, 0xf0, 0x7c, + 0x82, 0xfd, 0x03, 0x98, 0x11, 0xca, 0xc4, 0xc6, 0xfa, 0x01, 0xf6, 0xac, 0x11, 0x49, 0x7c, 0x95, + 0x8e, 0xc5, 0x35, 0xe6, 0xd8, 0x0e, 0xf5, 0xba, 0x9c, 0x97, 0xdf, 0xc6, 0x1f, 0xeb, 0xb1, 0xa5, + 0x3b, 0x8c, 0x85, 0xdf, 0x3c, 0xfc, 0xad, 0x2e, 0xc8, 0x8d, 0xc9, 0x82, 0x5c, 0x32, 0xf9, 0xeb, + 0x14, 0xe4, 0x33, 0x2a, 0x53, 0x46, 0x04, 0xf3, 0x3b, 0x8c, 0x09, 0x43, 0xd0, 0x16, 0xcc, 0x60, + 0xc6, 0x62, 0x87, 0x97, 0x32, 0xb2, 0x22, 0x11, 0xff, 0x2b, 0x93, 0x24, 0x69, 0xe7, 0x36, 0xb4, + 0xd2, 0xa9, 0x57, 0xa9, 0x6d, 0xe5, 0xd5, 0x6e, 0x00, 0xc4, 0x88, 0xf3, 0xbe, 0x37, 0xf4, 0xc5, + 0x91, 0x8a, 0x60, 0x57, 0xac, 0xf2, 0xdb, 0xb8, 0x93, 0x50, 0x48, 0xdb, 0xde, 0x85, 0x59, 0xca, + 0x89, 0x9b, 0x18, 0xb7, 0x9a, 0x37, 0x2e, 0x13, 0x64, 0xc6, 0x44, 0xc6, 0xdf, 0x9a, 0x70, 0x45, + 0x9c, 0xd8, 0x13, 0x79, 0x4d, 0x76, 0x18, 0xfb, 0x94, 0x70, 0x4c, 0x9d, 0xf0, 0x7b, 0x11, 0x09, + 0x8e, 0xdf, 0x70, 0x60, 0xd8, 0x30, 0x17, 0xdf, 0x32, 0x95, 0xef, 0xce, 0xbc, 0xf9, 0x50, 0xe2, + 0xb3, 0x8e, 0xa3, 0xf1, 0x66, 0x3a, 0x8e, 0xaa, 0x0e, 0x60, 0xe6, 0x9c, 0x3a, 0x80, 0x93, 0x9b, + 0xc0, 0x5c, 0x6b, 0x39, 0x57, 0x6c, 0x2d, 0x2b, 0x80, 0xf5, 0xfc, 0xeb, 0x02, 0xeb, 0x66, 0x25, + 0xb0, 0x76, 0x2b, 0xef, 0x71, 0x4b, 0xba, 0xfb, 0x3b, 0xf9, 0x08, 0x3c, 0x31, 0xd6, 0xa6, 0x81, + 0xd8, 0xf0, 0x46, 0x21, 0xf6, 0xf7, 0x0b, 0x90, 0x39, 0x6e, 0x5a, 0xdf, 0x7f, 0xbd, 0x3d, 0xfd, + 0x2f, 0x81, 0xe7, 0x5f, 0x49, 0xcc, 0xc4, 0xfc, 0xcc, 0x07, 0x69, 0x41, 0x17, 0x75, 0x48, 0x94, + 0x56, 0x95, 0xb4, 0xc4, 0x37, 0xba, 0x09, 0x33, 0xc2, 0xc9, 0x0a, 0xd4, 0xae, 0xe5, 0xfd, 0x29, + 0x4e, 0x62, 0x87, 0xb1, 0x27, 0x8c, 0x58, 0xa6, 0x24, 0x42, 0x77, 0xa0, 0x95, 0x06, 0xbe, 0xba, + 0x59, 0x57, 0xf3, 0x1c, 0xe9, 0x3d, 0x49, 0xd8, 0x32, 0x72, 0xc1, 0x3b, 0xa0, 0x01, 0xb1, 0x24, + 0xe4, 0x9b, 0x9d, 0xe4, 0xfd, 0x34, 0x59, 0x4c, 0x79, 0x53, 0x72, 0xb4, 0x05, 0x73, 0x71, 0x97, + 0x2f, 0x6f, 0xd0, 0xc2, 0xf6, 0x95, 0xc9, 0x64, 0x9a, 0x70, 0x29, 0x42, 0xe3, 0x2f, 0x1a, 0xbc, + 0x93, 0x05, 0x44, 0x72, 0x9b, 0x12, 0xd4, 0xfd, 0xcd, 0x57, 0xdc, 0xeb, 0x70, 0x49, 0xc2, 0xfc, + 0xac, 0xd9, 0x8f, 0xdf, 0x9d, 0x4a, 0xb3, 0xc6, 0x1f, 0x34, 0xb8, 0x36, 0xb9, 0x8f, 0xdd, 0x11, + 0x0e, 0x78, 0x7a, 0xbc, 0xe7, 0xb1, 0x97, 0xa4, 0xe0, 0xd5, 0xb3, 0x82, 0x57, 0xd8, 0x5f, 0xa3, + 0xb8, 0x3f, 0xe3, 0xcf, 0x75, 0x58, 0xc8, 0x05, 0x50, 0x55, 0xc1, 0x14, 0x80, 0x4f, 0xc6, 0xad, + 0x6c, 0xec, 0x64, 0x51, 0x68, 0x99, 0xb9, 0x19, 0x34, 0x06, 0x60, 0x38, 0xc0, 0x2e, 0xe1, 0x24, + 0x10, 0x99, 0x5c, 0xdc, 0xf8, 0x07, 0xd3, 0x67, 0x97, 0xc3, 0x44, 0xa6, 0x99, 0x13, 0x2f, 0x10, + 0xab, 0x54, 0x1d, 0xaa, 0xfc, 0xad, 0x46, 0xe8, 0x4b, 0xb8, 0x34, 0xa4, 0x0e, 0x39, 0xcc, 0x0c, + 0x99, 0x93, 0x86, 0x3c, 0x9e, 0xde, 0x90, 0x7b, 0x79, 0xb9, 0x66, 0x49, 0x8d, 0x71, 0x03, 0xda, + 0xe5, 0xfb, 0x24, 0x8c, 0xa4, 0x2e, 0xb6, 0x53, 0x6f, 0xa9, 0x91, 0x81, 0xa0, 0x5d, 0xbe, 0x3f, + 0xc6, 0x3f, 0xeb, 0xb0, 0x92, 0x8a, 0xdb, 0xf1, 0x3c, 0x3f, 0xf2, 0x2c, 0xf9, 0x70, 0x56, 0x79, + 0x16, 0xcb, 0x30, 0xcb, 0x29, 0x77, 0x52, 0xe0, 0x23, 0x07, 0xa2, 0x76, 0x71, 0xdf, 0x77, 0x38, + 0x65, 0xea, 0x80, 0x93, 0x61, 0x7c, 0xf6, 0xcf, 0x23, 0x1a, 0x90, 0x81, 0xcc, 0x04, 0x4d, 0x33, + 0x1d, 0x8b, 0x35, 0x81, 0x6a, 0x24, 0x8c, 0x8f, 0x9d, 0x99, 0x8e, 0x65, 0xdc, 0xfb, 0x8e, 0x43, + 0x2c, 0xe1, 0x8e, 0x1c, 0xd0, 0x2f, 0xcd, 0xca, 0x06, 0x82, 0x07, 0xd4, 0xb3, 0x15, 0xcc, 0x57, + 0x23, 0x61, 0x27, 0x0e, 0x02, 0x7c, 0xac, 0x37, 0xa5, 0x03, 0xe2, 0x01, 0xfa, 0x08, 0x1a, 0x2e, + 0x66, 0xaa, 0xd0, 0xdd, 0x28, 0x64, 0x87, 0x2a, 0x0f, 0x74, 0x0f, 0x30, 0x8b, 0x2b, 0x81, 0x60, + 0xeb, 0x7c, 0x00, 0xcd, 0x64, 0xe2, 0x6b, 0x41, 0xc2, 0x2f, 0xe0, 0x62, 0x21, 0xf9, 0xa0, 0xcf, + 0x61, 0x35, 0x8b, 0xa8, 0xbc, 0x42, 0x05, 0x02, 0xdf, 0x79, 0xa5, 0x65, 0xe6, 0x09, 0x02, 0x8c, + 0xe7, 0xb0, 0x24, 0x42, 0x46, 0x5e, 0xfc, 0x73, 0x6a, 0x6d, 0x3e, 0x84, 0x56, 0xaa, 0xb2, 0x32, + 0x66, 0x3a, 0xd0, 0x3c, 0x4a, 0x1e, 0x34, 0xe3, 0xde, 0x26, 0x1d, 0x1b, 0x3b, 0x80, 0xf2, 0xf6, + 0xaa, 0x0a, 0x74, 0xb3, 0x08, 0x8a, 0x57, 0xca, 0xe5, 0x46, 0x92, 0x27, 0x98, 0xf8, 0x37, 0x75, + 0x58, 0xdc, 0xa3, 0xf2, 0x95, 0xe3, 0x9c, 0x92, 0xdc, 0x0d, 0x68, 0x87, 0x51, 0xdf, 0xf5, 0x07, + 0x91, 0x43, 0x14, 0x28, 0x50, 0x95, 0x7e, 0x62, 0xfe, 0xb4, 0xe4, 0x27, 0x9c, 0xc5, 0x30, 0x1f, + 0xa9, 0x0e, 0x57, 0x7e, 0xa3, 0x8f, 0xe0, 0xca, 0x23, 0xf2, 0xa5, 0xda, 0xcf, 0x9e, 0xe3, 0xf7, + 0xfb, 0xd4, 0xb3, 0x13, 0x25, 0xb3, 0x52, 0xc9, 0xc9, 0x04, 0xc6, 0x2f, 0x35, 0x68, 0x67, 0xbe, + 0x50, 0xde, 0xbc, 0x1d, 0x47, 0x7d, 0xec, 0xcb, 0x6b, 0x79, 0x5f, 0x96, 0x49, 0xff, 0xf3, 0x80, + 0xbf, 0x90, 0x0f, 0xf8, 0x3f, 0x69, 0xb0, 0xb2, 0x47, 0x79, 0x92, 0x6a, 0xe8, 0x7f, 0xd9, 0xb9, + 0x18, 0x5d, 0x58, 0x2d, 0x9b, 0xaf, 0x5c, 0xb9, 0x0c, 0xb3, 0xe2, 0x94, 0x92, 0xde, 0x3d, 0x1e, + 0x6c, 0x7f, 0xd5, 0x82, 0xa5, 0xac, 0xf8, 0x8a, 0x7f, 0xa9, 0x45, 0xd0, 0x63, 0x68, 0xef, 0xa9, + 0x5f, 0xba, 0x92, 0x37, 0x13, 0x74, 0xda, 0x23, 0x64, 0xe7, 0x6a, 0xf5, 0x62, 0xac, 0xda, 0xa8, + 0x21, 0x0b, 0xae, 0x94, 0x05, 0x66, 0xef, 0x9d, 0xff, 0x7f, 0x8a, 0xe4, 0x94, 0xea, 0x55, 0x2a, + 0x36, 0x35, 0xf4, 0x39, 0x5c, 0x2a, 0xbe, 0xca, 0xa1, 0x42, 0x36, 0xaa, 0x7c, 0x28, 0xec, 0x18, + 0xa7, 0x91, 0xa4, 0xf6, 0x3f, 0x13, 0xd0, 0xb7, 0xf0, 0x44, 0x85, 0x8c, 0x22, 0x30, 0xaf, 0x7a, + 0xc2, 0xeb, 0xfc, 0xdf, 0xa9, 0x34, 0xa9, 0xf4, 0x0f, 0xa1, 0x99, 0x3c, 0xe9, 0x14, 0xdd, 0x5c, + 0x7a, 0xe8, 0xe9, 0xb4, 0x8b, 0xf2, 0x86, 0xa1, 0x51, 0x43, 0x1f, 0xc7, 0xcc, 0xa2, 0xe5, 0x9f, + 0x64, 0xce, 0x3d, 0x64, 0x74, 0x2e, 0x57, 0x3c, 0x1e, 0x18, 0x35, 0xf4, 0x5d, 0x58, 0x10, 0x5f, + 0x87, 0xea, 0x37, 0xa6, 0xd5, 0x6e, 0xfc, 0x93, 0x66, 0x37, 0xf9, 0x49, 0xb3, 0x7b, 0xd7, 0x65, + 0xfc, 0xb8, 0x53, 0xd1, 0xdd, 0x2b, 0x01, 0xcf, 0xe0, 0xe2, 0x1e, 0xe1, 0x19, 0x18, 0x47, 0xd7, + 0x5e, 0xab, 0x65, 0xe9, 0x18, 0x65, 0xb2, 0x49, 0x3c, 0x6f, 0xd4, 0xd0, 0x6f, 0x35, 0xb8, 0xbc, + 0x47, 0x78, 0x19, 0xde, 0xa2, 0xf7, 0xaa, 0x95, 0x9c, 0x00, 0x83, 0x3b, 0x8f, 0xa6, 0xbd, 0xaf, + 0x45, 0xb1, 0x46, 0x0d, 0xfd, 0x5e, 0x83, 0xb5, 0x9c, 0x61, 0x79, 0xbc, 0x8a, 0xb6, 0x4e, 0x37, + 0xae, 0x02, 0xdb, 0x76, 0x3e, 0x9b, 0xf2, 0xa7, 0xc3, 0x9c, 0x48, 0xa3, 0x86, 0x0e, 0xe5, 0x99, + 0x64, 0xe5, 0x09, 0xbd, 0x5d, 0x59, 0x87, 0x52, 0xed, 0xeb, 0x27, 0x2d, 0xa7, 0xe7, 0xf0, 0x19, + 0x2c, 0xec, 0x11, 0x9e, 0x64, 0xdd, 0x62, 0xa4, 0x95, 0x4a, 0x58, 0xf1, 0xaa, 0x96, 0x13, 0xb5, + 0x8c, 0x98, 0xa5, 0x58, 0x56, 0x2e, 0x4f, 0x15, 0xef, 0x6a, 0x65, 0x0a, 0x2e, 0x46, 0x4c, 0x75, + 0x9a, 0x33, 0x6a, 0x9f, 0xec, 0xfc, 0xfd, 0xe5, 0xba, 0xf6, 0xd5, 0xcb, 0x75, 0xed, 0x5f, 0x2f, + 0xd7, 0xb5, 0x1f, 0xdd, 0x7a, 0xc5, 0xef, 0xfd, 0xb9, 0x3f, 0x21, 0xc0, 0x8c, 0x5a, 0x0e, 0x25, + 0x1e, 0xef, 0xcf, 0xc9, 0xe0, 0xbf, 0xf5, 0xef, 0x00, 0x00, 0x00, 0xff, 0xff, 0x55, 0x0b, 0x09, + 0x7b, 0x61, 0x20, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -2922,26 +2902,6 @@ func (m *ManifestRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.ProjectName) > 0 { - i -= len(m.ProjectName) - copy(dAtA[i:], m.ProjectName) - i = encodeVarintRepository(dAtA, i, uint64(len(m.ProjectName))) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0xca - } - if len(m.ProjectSourceRepos) > 0 { - for iNdEx := len(m.ProjectSourceRepos) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.ProjectSourceRepos[iNdEx]) - copy(dAtA[i:], m.ProjectSourceRepos[iNdEx]) - i = encodeVarintRepository(dAtA, i, uint64(len(m.ProjectSourceRepos[iNdEx]))) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0xc2 - } - } if len(m.RefSources) > 0 { for k := range m.RefSources { v := m.RefSources[k] @@ -4982,16 +4942,6 @@ func (m *ManifestRequest) Size() (n int) { n += mapEntrySize + 2 + sovRepository(uint64(mapEntrySize)) } } - if len(m.ProjectSourceRepos) > 0 { - for _, s := range m.ProjectSourceRepos { - l = len(s) - n += 2 + l + sovRepository(uint64(l)) - } - } - l = len(m.ProjectName) - if l > 0 { - n += 2 + l + sovRepository(uint64(l)) - } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6586,70 +6536,6 @@ func (m *ManifestRequest) Unmarshal(dAtA []byte) error { } m.RefSources[mapkey] = mapvalue iNdEx = postIndex - case 24: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ProjectSourceRepos", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowRepository - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthRepository - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthRepository - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ProjectSourceRepos = append(m.ProjectSourceRepos, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 25: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ProjectName", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowRepository - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthRepository - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthRepository - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ProjectName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipRepository(dAtA[iNdEx:]) diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index 4654257848f69..c0ed6f02e27c6 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -1066,11 +1066,6 @@ func runHelmBuild(appPath string, h helm.Helm) error { return os.WriteFile(markerFile, []byte("marker"), 0644) } -func isSourcePermitted(url string, repos []string) bool { - p := v1alpha1.AppProject{Spec: v1alpha1.AppProjectSpec{SourceRepos: repos}} - return p.IsSourcePermitted(v1alpha1.ApplicationSource{RepoURL: url}) -} - func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclient.ManifestRequest, isLocal bool, gitRepoPaths io.TempPaths) ([]*unstructured.Unstructured, error) { concurrencyAllowed := isConcurrencyAllowed(appPath) if !concurrencyAllowed { @@ -1167,20 +1162,6 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie if err != nil { return nil, err } - - var reposNotPermitted []string - // We do a sanity check here to give a nicer error message in case any of the Helm repositories are not permitted by - // the AppProject which the application is a part of - for _, repo := range helmRepos { - if !isSourcePermitted(repo.Repo, q.ProjectSourceRepos) { - reposNotPermitted = append(reposNotPermitted, repo.Repo) - } - } - - if len(reposNotPermitted) > 0 { - return nil, status.Errorf(codes.PermissionDenied, "helm repos %s are not permitted in project '%s'", strings.Join(reposNotPermitted, ", "), q.ProjectName) - } - h, err := helm.NewHelmApp(appPath, helmRepos, isLocal, version, proxy, passCredentials) if err != nil { return nil, err diff --git a/reposerver/repository/repository.proto b/reposerver/repository/repository.proto index 8e4b69000f7e1..37babd739b1c1 100644 --- a/reposerver/repository/repository.proto +++ b/reposerver/repository/repository.proto @@ -32,10 +32,6 @@ message ManifestRequest { github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.HelmOptions helmOptions = 21; bool hasMultipleSources = 22; map refSources = 23; - // This is used to surface "source not permitted" errors for Helm repositories - repeated string projectSourceRepos = 24; - // This is used to surface "source not permitted" errors for Helm repositories - string projectName = 25; } message ManifestRequestWithFiles { diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go index e49ac181006fd..0e13aa352e6d8 100644 --- a/reposerver/repository/repository_test.go +++ b/reposerver/repository/repository_test.go @@ -154,10 +154,8 @@ func TestGenerateYamlManifestInDir(t *testing.T) { src := argoappv1.ApplicationSource{Path: "."} q := apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &src, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + Repo: &argoappv1.Repository{}, + ApplicationSource: &src, } // update this value if we add/remove manifests @@ -224,8 +222,7 @@ func Test_GenerateManifests_NoOutOfBoundsAccess(t *testing.T) { mustNotContain = testCaseCopy.mustNotContain } - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &argoappv1.ApplicationSource{}, ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &argoappv1.ApplicationSource{}} res, err := GenerateManifests(context.Background(), repoDir, "", "", &q, false, &git.NoopCredsStore{}, resource.MustParse("0"), nil) require.Error(t, err) assert.NotContains(t, err.Error(), mustNotContain) @@ -240,8 +237,7 @@ func TestGenerateManifests_MissingSymlinkDestination(t *testing.T) { err := os.Symlink("/obviously/does/not/exist", path.Join(repoDir, "test.yaml")) require.NoError(t, err) - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &argoappv1.ApplicationSource{}, ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &argoappv1.ApplicationSource{}} _, err = GenerateManifests(context.Background(), repoDir, "", "", &q, false, &git.NoopCredsStore{}, resource.MustParse("0"), nil) require.NoError(t, err) } @@ -251,11 +247,9 @@ func TestGenerateManifests_K8SAPIResetCache(t *testing.T) { src := argoappv1.ApplicationSource{Path: "."} q := apiclient.ManifestRequest{ - KubeVersion: "v1.16.0", - Repo: &argoappv1.Repository{}, - ApplicationSource: &src, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + KubeVersion: "v1.16.0", + Repo: &argoappv1.Repository{}, + ApplicationSource: &src, } cachedFakeResponse := &apiclient.ManifestResponse{Manifests: []string{"Fake"}} @@ -279,10 +273,8 @@ func TestGenerateManifests_EmptyCache(t *testing.T) { src := argoappv1.ApplicationSource{Path: "."} q := apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &src, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + Repo: &argoappv1.Repository{}, + ApplicationSource: &src, } err := service.cache.SetManifests(mock.Anything, &src, q.RefSources, &q, "", "", "", "", &cache.CachedManifestResponse{ManifestResponse: nil}, nil) @@ -297,8 +289,7 @@ func TestGenerateManifests_EmptyCache(t *testing.T) { func TestHelmManifestFromChartRepo(t *testing.T) { service := newService(".") source := &argoappv1.ApplicationSource{Chart: "my-chart", TargetRevision: ">= 1.0.0"} - request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true, ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true} response, err := service.GenerateManifest(context.Background(), request) assert.NoError(t, err) assert.NotNil(t, response) @@ -327,8 +318,7 @@ func TestHelmChartReferencingExternalValues(t *testing.T) { }, nil) refSources, err := argo.GetRefSources(context.Background(), spec, repoDB) require.NoError(t, err) - request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &spec.Sources[0], NoCache: true, RefSources: refSources, HasMultipleSources: true, ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &spec.Sources[0], NoCache: true, RefSources: refSources, HasMultipleSources: true} response, err := service.GenerateManifest(context.Background(), request) assert.NoError(t, err) assert.NotNil(t, response) @@ -380,8 +370,7 @@ func TestGenerateManifestsUseExactRevision(t *testing.T) { src := argoappv1.ApplicationSource{Path: "./testdata/recurse", Directory: &argoappv1.ApplicationSourceDirectory{Recurse: true}} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, Revision: "abc", ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, Revision: "abc"} res1, err := service.GenerateManifest(context.Background(), &q) assert.Nil(t, err) @@ -394,8 +383,7 @@ func TestRecurseManifestsInDir(t *testing.T) { src := argoappv1.ApplicationSource{Path: "./testdata/recurse", Directory: &argoappv1.ApplicationSourceDirectory{Recurse: true}} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src} res1, err := service.GenerateManifest(context.Background(), &q) assert.Nil(t, err) @@ -450,8 +438,6 @@ func TestGenerateJsonnetManifestInDir(t *testing.T) { }, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, } res1, err := service.GenerateManifest(context.Background(), &q) assert.Nil(t, err) @@ -473,8 +459,6 @@ func TestGenerateJsonnetManifestInRootDir(t *testing.T) { }, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, } res1, err := service.GenerateManifest(context.Background(), &q) assert.Nil(t, err) @@ -494,8 +478,6 @@ func TestGenerateJsonnetLibOutside(t *testing.T) { }, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, } _, err := service.GenerateManifest(context.Background(), &q) require.Error(t, err) @@ -670,8 +652,6 @@ func TestManifestGenErrorCacheFileContentsChange(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: ".", }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) fmt.Println("-", step, "-", res != nil, err != nil, errorExpected) @@ -840,8 +820,6 @@ func TestGenerateHelmWithValues(t *testing.T) { ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) @@ -877,8 +855,6 @@ func TestHelmWithMissingValueFiles(t *testing.T) { ValueFiles: []string{"values-production.yaml", missingValuesFile}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, } // Should fail since we're passing a non-existent values file, and error should indicate that @@ -904,8 +880,6 @@ func TestGenerateHelmWithEnvVars(t *testing.T) { ValueFiles: []string{"values-$ARGOCD_APP_NAME.yaml"}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) @@ -941,8 +915,6 @@ func TestGenerateHelmWithValuesDirectoryTraversal(t *testing.T) { ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) @@ -954,8 +926,6 @@ func TestGenerateHelmWithValuesDirectoryTraversal(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: "./my-chart", }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) } @@ -980,11 +950,10 @@ func TestHelmManifestFromChartRepoWithValueFile(t *testing.T) { }, } request := &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: source, - NoCache: true, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + Repo: &argoappv1.Repository{}, + ApplicationSource: source, + NoCache: true, + } response, err := service.GenerateManifest(context.Background(), request) assert.NoError(t, err) assert.NotNil(t, response) @@ -1023,8 +992,7 @@ func TestHelmManifestFromChartRepoWithValueFileLinks(t *testing.T) { ValueFiles: []string{"my-chart-link.yaml"}, }, } - request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true, ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true} _, err := service.GenerateManifest(context.Background(), request) assert.NoError(t, err) }) @@ -1043,9 +1011,8 @@ func TestGenerateHelmWithURL(t *testing.T) { ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, - HelmOptions: &argoappv1.HelmOptions{ValuesFileSchemes: []string{"https"}}, + + HelmOptions: &argoappv1.HelmOptions{ValuesFileSchemes: []string{"https"}}, }) assert.NoError(t, err) } @@ -1065,8 +1032,6 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.Error(t, err) assert.Contains(t, err.Error(), "outside repository root") @@ -1084,8 +1049,6 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) }) @@ -1102,8 +1065,6 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) }) @@ -1120,8 +1081,6 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.Error(t, err) assert.Contains(t, err.Error(), "outside repository root") @@ -1139,8 +1098,6 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.Error(t, err) assert.Contains(t, err.Error(), "is not allowed") @@ -1157,9 +1114,7 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ValueFiles: []string{"s3://my-bucket/my-chart-values.yaml"}, }, }, - HelmOptions: &argoappv1.HelmOptions{ValuesFileSchemes: []string{"s3"}}, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + HelmOptions: &argoappv1.HelmOptions{ValuesFileSchemes: []string{"s3"}}, }) assert.Error(t, err) assert.Contains(t, err.Error(), "s3://my-bucket/my-chart-values.yaml: no such file or directory") @@ -1198,8 +1153,6 @@ func TestGenerateHelmWithAbsoluteFileParameter(t *testing.T) { }}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.Error(t, err) } @@ -1226,8 +1179,6 @@ func TestGenerateHelmWithFileParameter(t *testing.T) { }}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) assert.Contains(t, res.Manifests[6], `"replicas":2`, "ValuesObject should override Values") @@ -1238,11 +1189,9 @@ func TestGenerateNullList(t *testing.T) { t.Run("null list", func(t *testing.T) { res1, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/null-list"}, - NoCache: true, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/null-list"}, + NoCache: true, }) assert.Nil(t, err) assert.Equal(t, len(res1.Manifests), 1) @@ -1251,11 +1200,9 @@ func TestGenerateNullList(t *testing.T) { t.Run("empty list", func(t *testing.T) { res1, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/empty-list"}, - NoCache: true, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/empty-list"}, + NoCache: true, }) assert.Nil(t, err) assert.Equal(t, len(res1.Manifests), 1) @@ -1264,11 +1211,9 @@ func TestGenerateNullList(t *testing.T) { t.Run("weird list", func(t *testing.T) { res1, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/weird-list"}, - NoCache: true, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/weird-list"}, + NoCache: true, }) assert.Nil(t, err) assert.Len(t, res1.Manifests, 2) @@ -1291,10 +1236,8 @@ func TestIdentifyAppSourceTypeByAppDirWithKustomizations(t *testing.T) { func TestGenerateFromUTF16(t *testing.T) { q := apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &argoappv1.ApplicationSource{}, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{}, } res1, err := GenerateManifests(context.Background(), "./testdata/utf-16", "/", "", &q, false, &git.NoopCredsStore{}, resource.MustParse("0"), nil) assert.Nil(t, err) @@ -1473,11 +1416,9 @@ func TestGetSignatureVerificationResult(t *testing.T) { src := argoappv1.ApplicationSource{Path: "."} q := apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &src, - VerifySignature: true, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + Repo: &argoappv1.Repository{}, + ApplicationSource: &src, + VerifySignature: true, } res, err := service.GenerateManifest(context.Background(), &q) @@ -1489,8 +1430,7 @@ func TestGetSignatureVerificationResult(t *testing.T) { service := newServiceWithSignature("../../manifests/base") src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src} res, err := service.GenerateManifest(context.Background(), &q) assert.NoError(t, err) @@ -1501,8 +1441,7 @@ func TestGetSignatureVerificationResult(t *testing.T) { service := newService("../../manifests/base") src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true, ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true} res, err := service.GenerateManifest(context.Background(), &q) assert.NoError(t, err) @@ -1513,8 +1452,7 @@ func TestGetSignatureVerificationResult(t *testing.T) { service := newService("../../manifests/base") src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true, ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true} res, err := service.GenerateManifest(context.Background(), &q) assert.NoError(t, err) @@ -1673,8 +1611,6 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: path, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) require.NoError(t, err) resourceByKindName := make(map[string]*unstructured.Unstructured) @@ -1704,8 +1640,6 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: path, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) require.NoError(t, err) resourceByKindName := make(map[string]*unstructured.Unstructured) @@ -1735,9 +1669,7 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: path, }, - AppName: "testapp", - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + AppName: "testapp", }) require.NoError(t, err) resourceByKindName := make(map[string]*unstructured.Unstructured) @@ -1767,9 +1699,7 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: path, }, - AppName: "testapp2", - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + AppName: "testapp2", }) require.NoError(t, err) resourceByKindName := make(map[string]*unstructured.Unstructured) @@ -1799,11 +1729,9 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { } sourceCopy := source.DeepCopy() // make a copy in case GenerateManifest mutates it. _, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: sourceCopy, - AppName: "test", - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + Repo: &argoappv1.Repository{}, + ApplicationSource: sourceCopy, + AppName: "test", }) assert.NoError(t, err) res := &cache.CachedManifestResponse{} @@ -1837,9 +1765,7 @@ func TestGenerateManifestWithAnnotatedAndRegularGitTagHashes(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ TargetRevision: regularGitTagHash, }, - NoCache: true, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + NoCache: true, }, wantError: false, service: newServiceWithCommitSHA(".", regularGitTagHash), @@ -1853,9 +1779,7 @@ func TestGenerateManifestWithAnnotatedAndRegularGitTagHashes(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ TargetRevision: annotatedGitTaghash, }, - NoCache: true, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + NoCache: true, }, wantError: false, service: newServiceWithCommitSHA(".", annotatedGitTaghash), @@ -1869,9 +1793,7 @@ func TestGenerateManifestWithAnnotatedAndRegularGitTagHashes(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ TargetRevision: invalidGitTaghash, }, - NoCache: true, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + NoCache: true, }, wantError: true, service: newServiceWithCommitSHA(".", invalidGitTaghash), diff --git a/server/application/application.go b/server/application/application.go index fe9697dc77056..a0323cde5bccc 100644 --- a/server/application/application.go +++ b/server/application/application.go @@ -463,11 +463,6 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan return fmt.Errorf("error getting API resources: %w", err) } - proj, err := argo.GetAppProject(a, applisters.NewAppProjectLister(s.projInformer.GetIndexer()), s.ns, s.settingsMgr, s.db, ctx) - if err != nil { - return fmt.Errorf("error getting app project: %w", err) - } - manifestInfo, err = client.GenerateManifest(ctx, &apiclient.ManifestRequest{ Repo: repo, Revision: revision, @@ -483,8 +478,6 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan HelmOptions: helmOptions, TrackingMethod: string(argoutil.GetTrackingMethod(s.settingsMgr)), EnabledSourceTypes: enableGenerateManifests, - ProjectName: proj.Name, - ProjectSourceRepos: proj.Spec.SourceRepos, }) if err != nil { return fmt.Errorf("error generating manifests: %w", err) @@ -560,12 +553,6 @@ func (s *Server) GetManifestsWithFiles(stream application.ApplicationService_Get } source := a.Spec.GetSource() - - proj, err := argo.GetAppProject(a, applisters.NewAppProjectLister(s.projInformer.GetIndexer()), s.ns, s.settingsMgr, s.db, ctx) - if err != nil { - return fmt.Errorf("error getting app project: %w", err) - } - req := &apiclient.ManifestRequest{ Repo: repo, Revision: source.TargetRevision, @@ -581,8 +568,6 @@ func (s *Server) GetManifestsWithFiles(stream application.ApplicationService_Get HelmOptions: helmOptions, TrackingMethod: string(argoutil.GetTrackingMethod(s.settingsMgr)), EnabledSourceTypes: enableGenerateManifests, - ProjectName: proj.Name, - ProjectSourceRepos: proj.Spec.SourceRepos, } repoStreamClient, err := client.GenerateManifestWithFiles(stream.Context()) @@ -1175,7 +1160,6 @@ func (s *Server) validateAndNormalizeApp(ctx context.Context, app *appv1.Applica } var conditions []appv1.ApplicationCondition - if validate { conditions := make([]appv1.ApplicationCondition, 0) condition, err := argo.ValidateRepo(ctx, app, s.repoClientset, s.db, s.kubectl, proj, s.settingsMgr) diff --git a/test/e2e/helm_test.go b/test/e2e/helm_test.go index a8dc3a8332805..2aed6a6973b8f 100644 --- a/test/e2e/helm_test.go +++ b/test/e2e/helm_test.go @@ -20,7 +20,6 @@ import ( "github.com/argoproj/argo-cd/v2/test/e2e/fixture" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture/app" - projectFixture "github.com/argoproj/argo-cd/v2/test/e2e/fixture/project" "github.com/argoproj/argo-cd/v2/test/e2e/fixture/repos" . "github.com/argoproj/argo-cd/v2/util/errors" "github.com/argoproj/argo-cd/v2/util/settings" @@ -401,45 +400,6 @@ func TestHelmWithMultipleDependencies(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)) } -func TestHelmWithMultipleDependenciesPermissionDenied(t *testing.T) { - SkipOnEnv(t, "HELM") - - projName := "argo-helm-project-denied" - projectFixture. - Given(t). - Name(projName). - Destination("*,*"). - When(). - Create(). - AddSource(RepoURL(RepoURLTypeFile)) - - expectedErr := fmt.Sprintf("helm repos localhost:5000/myrepo are not permitted in project '%s'", projName) - GivenWithSameState(t). - Project(projName). - Path("helm-oci-with-dependencies"). - CustomCACertAdded(). - HelmHTTPSCredentialsUserPassAdded(). - HelmPassCredentials(). - When(). - IgnoreErrors(). - CreateApp(). - Then(). - Expect(Error("", expectedErr)) - - expectedErr = fmt.Sprintf("helm repos https://localhost:9444/argo-e2e/testdata.git/helm-repo/local, https://localhost:9444/argo-e2e/testdata.git/helm-repo/local2 are not permitted in project '%s'", projName) - GivenWithSameState(t). - Project(projName). - Path("helm-with-multiple-dependencies"). - CustomCACertAdded(). - HelmHTTPSCredentialsUserPassAdded(). - HelmPassCredentials(). - When(). - IgnoreErrors(). - CreateApp(). - Then(). - Expect(Error("", expectedErr)) -} - func TestHelmWithDependenciesLegacyRepo(t *testing.T) { SkipOnEnv(t, "HELM") testHelmWithDependencies(t, "helm-with-dependencies", true) diff --git a/test/e2e/testdata/helm-with-multiple-dependencies/Chart.yaml b/test/e2e/testdata/helm-with-multiple-dependencies/Chart.yaml index f7f144d20e123..fc1982761746c 100644 --- a/test/e2e/testdata/helm-with-multiple-dependencies/Chart.yaml +++ b/test/e2e/testdata/helm-with-multiple-dependencies/Chart.yaml @@ -1,11 +1,7 @@ apiVersion: v2 -name: helm-with-multiple-dependencies +name: helm-with-dependencies version: v1.0.0 dependencies: - name: helm repository: "https://localhost:9444/argo-e2e/testdata.git/helm-repo/local" version: v1.0.0 - - name: helm - repository: "https://localhost:9444/argo-e2e/testdata.git/helm-repo/local2" - version: v1.0.0 - alias: helm2 \ No newline at end of file diff --git a/util/argo/argo.go b/util/argo/argo.go index 9b08d3aeeb847..b32369ea70c48 100644 --- a/util/argo/argo.go +++ b/util/argo/argo.go @@ -419,7 +419,6 @@ func validateRepo(ctx context.Context, helmOptions, app.Name, app.Spec.Destination, - proj, sources, repoClient, cluster.ServerVersion, @@ -704,7 +703,6 @@ func verifyGenerateManifests( helmOptions *argoappv1.HelmOptions, name string, dest argoappv1.ApplicationDestination, - proj *argoappv1.AppProject, sources []argoappv1.ApplicationSource, repoClient apiclient.RepoServerServiceClient, kubeVersion string, @@ -771,8 +769,6 @@ func verifyGenerateManifests( NoRevisionCache: true, HasMultipleSources: hasMultipleSources, RefSources: refSources, - ProjectName: proj.Name, - ProjectSourceRepos: proj.Spec.SourceRepos, } req.Repo.CopyCredentialsFromRepo(repoRes) req.Repo.CopySettingsFrom(repoRes) From 82702251a3b97894943226dffc30e56872ad43e6 Mon Sep 17 00:00:00 2001 From: Talia Stocks <928827+taliastocks@users.noreply.github.com> Date: Wed, 2 Aug 2023 18:22:22 -0400 Subject: [PATCH 084/105] fix: Repo URL link for unsupported sources links to https:///null/path/to/chart (#14861) * Fix #14860 Fix #14860 Signed-off-by: Talia Stocks <928827+taliastocks@users.noreply.github.com> * Update USERS.md Signed-off-by: Talia Stocks <928827+taliastocks@users.noreply.github.com> --------- Signed-off-by: Talia Stocks <928827+taliastocks@users.noreply.github.com> --- USERS.md | 1 + ui/src/app/shared/components/revision.tsx | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/USERS.md b/USERS.md index db1a5f0da6ff5..7fef7908ce35a 100644 --- a/USERS.md +++ b/USERS.md @@ -194,6 +194,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [OpsVerse](https://opsverse.io) 1. [Optoro](https://www.optoro.com/) 1. [Orbital Insight](https://orbitalinsight.com/) +1. [Oscar Health Insurance](https://hioscar.com/) 1. [p3r](https://www.p3r.one/) 1. [Packlink](https://www.packlink.com/) 1. [PagerDuty](https://www.pagerduty.com/) diff --git a/ui/src/app/shared/components/revision.tsx b/ui/src/app/shared/components/revision.tsx index fe9c2046e2c04..ccc0e1afe5183 100644 --- a/ui/src/app/shared/components/revision.tsx +++ b/ui/src/app/shared/components/revision.tsx @@ -9,7 +9,7 @@ export const Revision = ({repoUrl, revision, path, isForPath, children}: {repoUr revision = revision || ''; const hasPath = path && path !== '.'; let url = revisionUrl(repoUrl, revision, hasPath); - if (hasPath) { + if (url !== null && hasPath) { url += '/' + path; } const content = children || (isSHA(revision) ? revision.substr(0, 7) : revision); From fc60f007c2270da59bcf216fe646a3fc3f4f4a1f Mon Sep 17 00:00:00 2001 From: Alexander Matyushentsev Date: Thu, 3 Aug 2023 13:47:10 -0700 Subject: [PATCH 085/105] fix: correct discrepancies in generated swagger file (#14813) Signed-off-by: Alexander Matyushentsev --- assets/swagger.json | 25 ++++++++----------------- hack/generate-proto.sh | 5 ++++- 2 files changed, 12 insertions(+), 18 deletions(-) diff --git a/assets/swagger.json b/assets/swagger.json index b45e3fd09623d..c9dfc6658cd1e 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -5654,19 +5654,8 @@ }, "v1Time": { "description": "Time is a wrapper around time.Time which supports correct\nmarshaling to YAML and JSON. Wrappers are provided for many\nof the factory methods that the time package offers.\n\n+protobuf.options.marshal=false\n+protobuf.as=Timestamp\n+protobuf.options.(gogoproto.goproto_stringer)=false", - "type": "object", - "properties": { - "nanos": { - "description": "Non-negative fractions of a second at nanosecond resolution. Negative\nsecond values with fractions must still have non-negative nanos values\nthat count forward in time. Must be from 0 to 999,999,999\ninclusive. This field may be limited in precision depending on context.", - "type": "integer", - "format": "int32" - }, - "seconds": { - "description": "Represents seconds of UTC time since Unix epoch\n1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to\n9999-12-31T23:59:59Z inclusive.", - "type": "string", - "format": "int64" - } - } + "type": "string", + "format": "date-time" }, "v1alpha1AWSAuthConfig": { "type": "object", @@ -8223,13 +8212,15 @@ "$ref": "#/definitions/v1alpha1ResourceRef" } }, - "resourceRef": { - "$ref": "#/definitions/v1alpha1ResourceRef" - }, "resourceVersion": { "type": "string" } - } + }, + "allOf": [ + { + "$ref": "#/definitions/v1alpha1ResourceRef" + } + ] }, "v1alpha1ResourceOverride": { "type": "object", diff --git a/hack/generate-proto.sh b/hack/generate-proto.sh index fcfe4e4f0e4d0..1df4655d485dc 100755 --- a/hack/generate-proto.sh +++ b/hack/generate-proto.sh @@ -118,7 +118,10 @@ EOF del(.definitions.v1alpha1OptionalArray) | .definitions.v1alpha1ApplicationSourcePluginParameter.properties.map = {"description":"Map is the value of a map type parameter.","type":"object","additionalProperties":{"type":"string"}} | del(.definitions.v1alpha1OptionalMap) - ' "${COMBINED_SWAGGER}" > "${SWAGGER_OUT}" + ' "${COMBINED_SWAGGER}" | \ + jq '.definitions.v1Time.type = "string" | .definitions.v1Time.format = "date-time" | del(.definitions.v1Time.properties)' | \ + jq '.definitions.v1alpha1ResourceNode.allOf = [{"$ref": "#/definitions/v1alpha1ResourceRef"}] | del(.definitions.v1alpha1ResourceNode.properties.resourceRef) ' \ + > "${SWAGGER_OUT}" /bin/rm "${PRIMARY_SWAGGER}" "${COMBINED_SWAGGER}" } From 21c71320bca7c0b3989e8cb3be28ebe47c75908b Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Thu, 3 Aug 2023 18:06:19 -0400 Subject: [PATCH 086/105] chore: wrap ComparisonError messages (#14886) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- controller/cache/cache.go | 4 +-- controller/state.go | 50 ++++++++++++++++++------------- reposerver/apiclient/clientset.go | 3 +- util/argo/diff/diff.go | 19 ++++++++---- util/db/helmrepository.go | 9 +++--- util/db/repository.go | 42 ++++++++++++++++++-------- util/db/repository_legacy.go | 7 +++-- util/db/repository_secrets.go | 4 +-- util/settings/settings.go | 12 ++++---- util/settings/settings_test.go | 2 +- 10 files changed, 95 insertions(+), 57 deletions(-) diff --git a/controller/cache/cache.go b/controller/cache/cache.go index b62185dc4589f..ef0ce1f4fcf76 100644 --- a/controller/cache/cache.go +++ b/controller/cache/cache.go @@ -620,7 +620,7 @@ func (c *liveStateCache) GetNamespaceTopLevelResources(server string, namespace func (c *liveStateCache) GetManagedLiveObjs(a *appv1.Application, targetObjs []*unstructured.Unstructured) (map[kube.ResourceKey]*unstructured.Unstructured, error) { clusterInfo, err := c.getSyncedCluster(a.Spec.Destination.Server) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to get cluster info for %q: %w", a.Spec.Destination.Server, err) } return clusterInfo.GetManagedLiveObjs(targetObjs, func(r *clustercache.Resource) bool { return resInfo(r).AppName == a.InstanceName(c.settingsMgr.GetNamespace()) @@ -630,7 +630,7 @@ func (c *liveStateCache) GetManagedLiveObjs(a *appv1.Application, targetObjs []* func (c *liveStateCache) GetVersionsInfo(serverURL string) (string, []kube.APIResourceInfo, error) { clusterInfo, err := c.getSyncedCluster(serverURL) if err != nil { - return "", nil, err + return "", nil, fmt.Errorf("failed to get cluster info for %q: %w", serverURL, err) } return clusterInfo.GetServerVersion(), clusterInfo.GetAPIResources(), nil } diff --git a/controller/state.go b/controller/state.go index a289b0aba963a..a2765f249bc82 100644 --- a/controller/state.go +++ b/controller/state.go @@ -111,47 +111,47 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alp ts := stats.NewTimingStats() helmRepos, err := m.db.ListHelmRepositories(context.Background()) if err != nil { - return nil, nil, err + return nil, nil, fmt.Errorf("failed to list Helm repositories: %w", err) } permittedHelmRepos, err := argo.GetPermittedRepos(proj, helmRepos) if err != nil { - return nil, nil, err + return nil, nil, fmt.Errorf("failed to get permitted Helm repositories for project %q: %w", proj.Name, err) } ts.AddCheckpoint("repo_ms") helmRepositoryCredentials, err := m.db.GetAllHelmRepositoryCredentials(context.Background()) if err != nil { - return nil, nil, err + return nil, nil, fmt.Errorf("failed to get Helm credentials: %w", err) } permittedHelmCredentials, err := argo.GetPermittedReposCredentials(proj, helmRepositoryCredentials) if err != nil { - return nil, nil, err + return nil, nil, fmt.Errorf("failed to get permitted Helm credentials for project %q: %w", proj.Name, err) } enabledSourceTypes, err := m.settingsMgr.GetEnabledSourceTypes() if err != nil { - return nil, nil, err + return nil, nil, fmt.Errorf("failed to get enabled source types: %w", err) } ts.AddCheckpoint("plugins_ms") kustomizeSettings, err := m.settingsMgr.GetKustomizeSettings() if err != nil { - return nil, nil, err + return nil, nil, fmt.Errorf("failed to get Kustomize settings: %w", err) } helmOptions, err := m.settingsMgr.GetHelmSettings() if err != nil { - return nil, nil, err + return nil, nil, fmt.Errorf("failed to get Helm settings: %w", err) } ts.AddCheckpoint("build_options_ms") serverVersion, apiResources, err := m.liveStateCache.GetVersionsInfo(app.Spec.Destination.Server) if err != nil { - return nil, nil, err + return nil, nil, fmt.Errorf("failed to get cluster version for cluster %q: %w", app.Spec.Destination.Server, err) } conn, repoClient, err := m.repoClientset.NewRepoServerClient() if err != nil { - return nil, nil, err + return nil, nil, fmt.Errorf("failed to connect to repo server: %w", err) } defer io.Close(conn) @@ -171,11 +171,11 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alp ts.AddCheckpoint("helm_ms") repo, err := m.db.GetRepository(context.Background(), source.RepoURL) if err != nil { - return nil, nil, err + return nil, nil, fmt.Errorf("failed to get repo %q: %w", source.RepoURL, err) } kustomizeOptions, err := kustomizeSettings.GetOptions(source) if err != nil { - return nil, nil, err + return nil, nil, fmt.Errorf("failed to get Kustomize options for source %d of %d: %w", i+1, len(sources), err) } ts.AddCheckpoint("version_ms") @@ -202,13 +202,13 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alp RefSources: refSources, }) if err != nil { - return nil, nil, err + return nil, nil, fmt.Errorf("failed to generate manifest for source %d of %d: %w", i+1, len(sources), err) } targetObj, err := unmarshalManifests(manifestInfo.Manifests) if err != nil { - return nil, nil, err + return nil, nil, fmt.Errorf("failed to unmarshal manifests for source %d of %d: %w", i+1, len(sources), err) } targetObjs = append(targetObjs, targetObj...) @@ -398,7 +398,8 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 targetObjs, manifestInfos, err = m.getRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project) if err != nil { targetObjs = make([]*unstructured.Unstructured, 0) - conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now}) + msg := fmt.Sprintf("Failed to load target state: %s", err.Error()) + conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: msg, LastTransitionTime: &now}) failedToLoadObjs = true } } else { @@ -413,7 +414,8 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 targetObjs, err = unmarshalManifests(localManifests) if err != nil { targetObjs = make([]*unstructured.Unstructured, 0) - conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now}) + msg := fmt.Sprintf("Failed to load local manifests: %s", err.Error()) + conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: msg, LastTransitionTime: &now}) failedToLoadObjs = true } } @@ -429,7 +431,8 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 } targetObjs, dedupConditions, err := DeduplicateTargetObjects(app.Spec.Destination.Namespace, targetObjs, infoProvider) if err != nil { - conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now}) + msg := fmt.Sprintf("Failed to deduplicate target state: %s", err.Error()) + conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: msg, LastTransitionTime: &now}) } conditions = append(conditions, dedupConditions...) for i := len(targetObjs) - 1; i >= 0; i-- { @@ -449,7 +452,8 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 liveObjByKey, err := m.liveStateCache.GetManagedLiveObjs(app, targetObjs) if err != nil { liveObjByKey = make(map[kubeutil.ResourceKey]*unstructured.Unstructured) - conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now}) + msg := fmt.Sprintf("Failed to load live state: %s", err.Error()) + conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: msg, LastTransitionTime: &now}) failedToLoadObjs = true } @@ -458,11 +462,16 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 // filter out all resources which are not permitted in the application project for k, v := range liveObjByKey { permitted, err := project.IsLiveResourcePermitted(v, app.Spec.Destination.Server, app.Spec.Destination.Name, func(project string) ([]*v1alpha1.Cluster, error) { - return m.db.GetProjectClusters(context.TODO(), project) + clusters, err := m.db.GetProjectClusters(context.TODO(), project) + if err != nil { + return nil, fmt.Errorf("failed to get clusters for project %q: %v", project, err) + } + return clusters, nil }) if err != nil { - conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now}) + msg := fmt.Sprintf("Failed to check if live resource %q is permitted in project %q: %s", k.String(), app.Spec.Project, err.Error()) + conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: msg, LastTransitionTime: &now}) failedToLoadObjs = true continue } @@ -539,7 +548,8 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 if err != nil { diffResults = &diff.DiffResultList{} failedToLoadObjs = true - conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now}) + msg := fmt.Sprintf("Failed to compare desired state to live state: %s", err.Error()) + conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: msg, LastTransitionTime: &now}) } ts.AddCheckpoint("diff_ms") diff --git a/reposerver/apiclient/clientset.go b/reposerver/apiclient/clientset.go index c48a508d06599..4a42235b7049c 100644 --- a/reposerver/apiclient/clientset.go +++ b/reposerver/apiclient/clientset.go @@ -3,6 +3,7 @@ package apiclient import ( "crypto/tls" "crypto/x509" + "fmt" "time" grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware" @@ -48,7 +49,7 @@ type clientSet struct { func (c *clientSet) NewRepoServerClient() (io.Closer, RepoServerServiceClient, error) { conn, err := NewConnection(c.address, c.timeoutSeconds, &c.tlsConfig) if err != nil { - return nil, nil, err + return nil, nil, fmt.Errorf("failed to open a new connection to repo server: %w", err) } return conn, NewRepoServerServiceClient(conn), nil } diff --git a/util/argo/diff/diff.go b/util/argo/diff/diff.go index 6f32084dadce3..9b104719c5616 100644 --- a/util/argo/diff/diff.go +++ b/util/argo/diff/diff.go @@ -5,11 +5,12 @@ import ( "github.com/go-logr/logr" + k8smanagedfields "k8s.io/apimachinery/pkg/util/managedfields" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/argo/managedfields" appstatecache "github.com/argoproj/argo-cd/v2/util/cache/appstate" - k8smanagedfields "k8s.io/apimachinery/pkg/util/managedfields" "github.com/argoproj/gitops-engine/pkg/diff" "github.com/argoproj/gitops-engine/pkg/utils/kube" @@ -239,12 +240,12 @@ func StateDiff(live, config *unstructured.Unstructured, diffConfig DiffConfig) ( func StateDiffs(lives, configs []*unstructured.Unstructured, diffConfig DiffConfig) (*diff.DiffResultList, error) { normResults, err := preDiffNormalize(lives, configs, diffConfig) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to perform pre-diff normalization: %w", err) } diffNormalizer, err := newDiffNormalizer(diffConfig.Ignores(), diffConfig.Overrides()) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to create diff normalizer: %w", err) } diffOpts := []diff.Option{ @@ -261,9 +262,17 @@ func StateDiffs(lives, configs []*unstructured.Unstructured, diffConfig DiffConf useCache, cachedDiff := diffConfig.DiffFromCache(diffConfig.AppName()) if useCache && cachedDiff != nil { - return diffArrayCached(normResults.Targets, normResults.Lives, cachedDiff, diffOpts...) + cached, err := diffArrayCached(normResults.Targets, normResults.Lives, cachedDiff, diffOpts...) + if err != nil { + return nil, fmt.Errorf("failed to calculate diff from cache: %w", err) + } + return cached, nil + } + array, err := diff.DiffArray(normResults.Targets, normResults.Lives, diffOpts...) + if err != nil { + return nil, fmt.Errorf("failed to calculate diff: %w", err) } - return diff.DiffArray(normResults.Targets, normResults.Lives, diffOpts...) + return array, nil } func diffArrayCached(configArray []*unstructured.Unstructured, liveArray []*unstructured.Unstructured, cachedDiff []*v1alpha1.ResourceDiff, opts ...diff.Option) (*diff.DiffResultList, error) { diff --git a/util/db/helmrepository.go b/util/db/helmrepository.go index 3755b10f974f5..8659e170d48ef 100644 --- a/util/db/helmrepository.go +++ b/util/db/helmrepository.go @@ -2,6 +2,7 @@ package db import ( "context" + "fmt" "strings" "google.golang.org/grpc/codes" @@ -43,24 +44,24 @@ func (db *db) getHelmRepo(repoURL string, helmRepositories []settings.HelmRepoCr return repo, err } -// ListHelmRepoURLs lists configured helm repositories +// ListHelmRepositories lists configured helm repositories func (db *db) ListHelmRepositories(ctx context.Context) ([]*v1alpha1.Repository, error) { helmRepositories, err := db.settingsMgr.GetHelmRepositories() if err != nil { - return nil, err + return nil, fmt.Errorf("failed to get list of Helm repositories from settings manager: %w", err) } result := make([]*v1alpha1.Repository, len(helmRepositories)) for i, helmRepoInfo := range helmRepositories { repo, err := db.getHelmRepo(helmRepoInfo.URL, helmRepositories) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to get Helm repository %q: %w", helmRepoInfo.URL, err) } result[i] = repo } repos, err := db.listRepositories(ctx, pointer.StringPtr("helm")) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to list Helm repositories: %w", err) } result = append(result, v1alpha1.Repositories(repos).Filter(func(r *v1alpha1.Repository) bool { return r.Type == "helm" && r.Name != "" diff --git a/util/db/repository.go b/util/db/repository.go index 8fbff4ffbe76f..552baa3a7a61e 100644 --- a/util/db/repository.go +++ b/util/db/repository.go @@ -78,11 +78,11 @@ func (db *db) CreateRepository(ctx context.Context, r *appsv1.Repository) (*apps func (db *db) GetRepository(ctx context.Context, repoURL string) (*appsv1.Repository, error) { repository, err := db.getRepository(ctx, repoURL) if err != nil { - return repository, err + return repository, fmt.Errorf("unable to get repository %q: %v", repoURL, err) } if err := db.enrichCredsToRepo(ctx, repository); err != nil { - return repository, err + return repository, fmt.Errorf("unable to enrich repository %q info with credentials: %v", repoURL, err) } return repository, err @@ -123,17 +123,25 @@ func (db *db) getRepository(ctx context.Context, repoURL string) (*appsv1.Reposi secretsBackend := db.repoBackend() exists, err := secretsBackend.RepositoryExists(ctx, repoURL) if err != nil { - return nil, err + return nil, fmt.Errorf("unable to check if repository %q exists from secrets backend: %v", repoURL, err) } else if exists { - return secretsBackend.GetRepository(ctx, repoURL) + repository, err := secretsBackend.GetRepository(ctx, repoURL) + if err != nil { + return nil, fmt.Errorf("unable to get repository %q from secrets backend: %v", repoURL, err) + } + return repository, nil } legacyBackend := db.legacyRepoBackend() exists, err = legacyBackend.RepositoryExists(ctx, repoURL) if err != nil { - return nil, err + return nil, fmt.Errorf("unable to check if repository %q exists from legacy backend: %v", repoURL, err) } else if exists { - return legacyBackend.GetRepository(ctx, repoURL) + repository, err := legacyBackend.GetRepository(ctx, repoURL) + if err != nil { + return nil, fmt.Errorf("unable to get repository %q from legacy backend: %v", repoURL, err) + } + return repository, nil } return &appsv1.Repository{Repo: repoURL}, nil @@ -229,17 +237,25 @@ func (db *db) GetRepositoryCredentials(ctx context.Context, repoURL string) (*ap secretsBackend := db.repoBackend() exists, err := secretsBackend.RepoCredsExists(ctx, repoURL) if err != nil { - return nil, err + return nil, fmt.Errorf("unable to check if repository credentials for %q exists from secrets backend: %w", repoURL, err) } else if exists { - return secretsBackend.GetRepoCreds(ctx, repoURL) + creds, err := secretsBackend.GetRepoCreds(ctx, repoURL) + if err != nil { + return nil, fmt.Errorf("unable to get repository credentials for %q from secrets backend: %w", repoURL, err) + } + return creds, nil } legacyBackend := db.legacyRepoBackend() exists, err = legacyBackend.RepoCredsExists(ctx, repoURL) if err != nil { - return nil, err + return nil, fmt.Errorf("unable to check if repository credentials for %q exists from legacy backend: %w", repoURL, err) } else if exists { - return legacyBackend.GetRepoCreds(ctx, repoURL) + creds, err := legacyBackend.GetRepoCreds(ctx, repoURL) + if err != nil { + return nil, fmt.Errorf("unable to get repository credentials for %q from legacy backend: %w", repoURL, err) + } + return creds, nil } return nil, nil @@ -252,12 +268,12 @@ func (db *db) GetAllHelmRepositoryCredentials(ctx context.Context) ([]*appsv1.Re secretRepoCreds, err := db.repoBackend().GetAllHelmRepoCreds(ctx) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to get all Helm repo creds: %w", err) } legacyRepoCreds, err := db.legacyRepoBackend().GetAllHelmRepoCreds(ctx) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to get all legacy Helm repo creds: %w", err) } return append(secretRepoCreds, legacyRepoCreds...), nil @@ -353,7 +369,7 @@ func (db *db) enrichCredsToRepo(ctx context.Context, repository *appsv1.Reposito repository.InheritedCreds = true } } else { - return err + return fmt.Errorf("failed to get repository credentials for %q: %w", repository.Repo, err) } } else { log.Debugf("%s has credentials", repository.Repo) diff --git a/util/db/repository_legacy.go b/util/db/repository_legacy.go index 0aee0cd336fa8..e25fe873c7511 100644 --- a/util/db/repository_legacy.go +++ b/util/db/repository_legacy.go @@ -1,9 +1,10 @@ package db import ( + "context" + "fmt" "strings" - "context" log "github.com/sirupsen/logrus" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" @@ -35,7 +36,7 @@ func (l *legacyRepositoryBackend) CreateRepository(ctx context.Context, r *appsv func (l *legacyRepositoryBackend) GetRepository(ctx context.Context, repoURL string) (*appsv1.Repository, error) { repository, err := l.tryGetRepository(repoURL) if err != nil { - return nil, err + return nil, fmt.Errorf("unable to get repository: %w", err) } return repository, nil } @@ -129,7 +130,7 @@ func (l *legacyRepositoryBackend) DeleteRepository(ctx context.Context, repoURL func (l *legacyRepositoryBackend) RepositoryExists(ctx context.Context, repoURL string) (bool, error) { repos, err := l.db.settingsMgr.GetRepositories() if err != nil { - return false, err + return false, fmt.Errorf("unable to get repositories: %w", err) } index := l.getRepositoryIndex(repos, repoURL) diff --git a/util/db/repository_secrets.go b/util/db/repository_secrets.go index 4bea20c7f6b3f..31152300b0b8b 100644 --- a/util/db/repository_secrets.go +++ b/util/db/repository_secrets.go @@ -171,7 +171,7 @@ func (s *secretsRepositoryBackend) RepositoryExists(ctx context.Context, repoURL return false, nil } - return false, err + return false, fmt.Errorf("failed to get repository secret for %q: %v", repoURL, err) } return secret != nil, nil @@ -457,7 +457,7 @@ func repoCredsToSecret(repoCreds *appsv1.RepoCreds, secret *corev1.Secret) { func (s *secretsRepositoryBackend) getRepositorySecret(repoURL string) (*corev1.Secret, error) { secrets, err := s.db.listSecretsByType(common.LabelValueSecretTypeRepository) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to list repository secrets: %w", err) } for _, secret := range secrets { diff --git a/util/settings/settings.go b/util/settings/settings.go index 04cd773f1f3e4..e01e950ca2e29 100644 --- a/util/settings/settings.go +++ b/util/settings/settings.go @@ -766,7 +766,7 @@ func (mgr *SettingsManager) GetDeepLinks(deeplinkType string) ([]DeepLink, error func (mgr *SettingsManager) GetEnabledSourceTypes() (map[string]bool, error) { argoCDCM, err := mgr.getConfigMap() if err != nil { - return nil, err + return nil, fmt.Errorf("failed to get argo-cd config map: %w", err) } res := map[string]bool{} for sourceType := range sourceTypeToEnableGenerationKey { @@ -1009,7 +1009,7 @@ func (mgr *SettingsManager) GetResourceCompareOptions() (ArgoCDDiffOptions, erro func (mgr *SettingsManager) GetHelmSettings() (*v1alpha1.HelmOptions, error) { argoCDCM, err := mgr.getConfigMap() if err != nil { - return nil, err + return nil, fmt.Errorf("failed to get argo-cd config map: %v", err) } helmOptions := &v1alpha1.HelmOptions{} if value, ok := argoCDCM.Data[helmValuesFileSchemesKey]; ok { @@ -1045,7 +1045,7 @@ func (mgr *SettingsManager) GetKustomizeSettings() (*KustomizeSettings, error) { if strings.HasPrefix(k, kustomizeVersionKeyPrefix) { err = addKustomizeVersion(kustomizeVersionKeyPrefix, k, v, kustomizeVersionsMap) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to add kustomize version from %q: %w", k, err) } } @@ -1053,7 +1053,7 @@ func (mgr *SettingsManager) GetKustomizeSettings() (*KustomizeSettings, error) { if strings.HasPrefix(k, kustomizePathPrefixKey) { err = addKustomizeVersion(kustomizePathPrefixKey, k, v, kustomizeVersionsMap) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to add kustomize version from %q: %w", k, err) } } @@ -1113,7 +1113,7 @@ func (mgr *SettingsManager) GetRepositories() ([]Repository, error) { // Get the config map outside of the lock argoCDCM, err := mgr.getConfigMap() if err != nil { - return nil, err + return nil, fmt.Errorf("failed to get argo-cd config map: %w", err) } mgr.mutex.Lock() @@ -1123,7 +1123,7 @@ func (mgr *SettingsManager) GetRepositories() ([]Repository, error) { if repositoriesStr != "" { err := yaml.Unmarshal([]byte(repositoriesStr), &repositories) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to unmarshal repositories from config map key %q: %w", repositoriesKey, err) } } mgr.reposCache = repositories diff --git a/util/settings/settings_test.go b/util/settings/settings_test.go index b8fe3569300f9..0f568d67fe060 100644 --- a/util/settings/settings_test.go +++ b/util/settings/settings_test.go @@ -696,7 +696,7 @@ func TestSettingsManager_GetKustomizeBuildOptions(t *testing.T) { }) got, err := settingsManager.GetKustomizeSettings() - assert.EqualError(t, err, "found duplicate kustomize version: v3.2.1") + assert.EqualError(t, err, "failed to add kustomize version from \"kustomize.version.v3.2.1\": found duplicate kustomize version: v3.2.1") assert.Empty(t, got) }) From aaadb2097ef0987e9b8b404a17f9ff4b51887b50 Mon Sep 17 00:00:00 2001 From: Ashin Sabu <139749674+ashinsabu3@users.noreply.github.com> Date: Fri, 4 Aug 2023 20:34:31 +0530 Subject: [PATCH 087/105] fix(ui): Fixes health icon positioning (#14708) (#14852) * fix: Fixes health icon positioning #14708 Signed-off-by: ashinsabu3 * fix: Fixes alignment of app health application status panel #14708 Signed-off-by: ashinsabu3 * fix: Added line height to App Status to fix its positioning #14708 Signed-off-by: ashinsabu3 --------- Signed-off-by: ashinsabu3 --- .../application-status-panel/application-status-panel.scss | 3 ++- .../application-status-panel/application-status-panel.tsx | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ui/src/app/applications/components/application-status-panel/application-status-panel.scss b/ui/src/app/applications/components/application-status-panel/application-status-panel.scss index 688be5aa727ea..9898db27d2ba6 100644 --- a/ui/src/app/applications/components/application-status-panel/application-status-panel.scss +++ b/ui/src/app/applications/components/application-status-panel/application-status-panel.scss @@ -70,6 +70,7 @@ } display: flex; flex-direction: column; + justify-content: flex-start; flex-shrink: 0; flex-grow: 0; @@ -134,7 +135,7 @@ &__item-value { display: flex; - align-items: flex-end; + align-items: center; margin-bottom: 0.5em; font-weight: 500; .fa { diff --git a/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx b/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx index 480e68622075d..c82252144849c 100644 --- a/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx +++ b/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx @@ -71,7 +71,7 @@ export const ApplicationStatusPanel = ({application, showDiff, showOperation, sh return (
      -
      {sectionLabel({title: 'APP HEALTH', helpContent: 'The health status of your app'})}
      +
      {sectionLabel({title: 'APP HEALTH', helpContent: 'The health status of your app'})}
        From 95e942e7934a5183116d65ad3539042d6a7a3749 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Fri, 4 Aug 2023 12:56:03 -0400 Subject: [PATCH 088/105] chore: fix non-deterministic test (#14905) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- util/settings/settings_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/settings/settings_test.go b/util/settings/settings_test.go index 0f568d67fe060..07a2c268a6bd7 100644 --- a/util/settings/settings_test.go +++ b/util/settings/settings_test.go @@ -696,7 +696,7 @@ func TestSettingsManager_GetKustomizeBuildOptions(t *testing.T) { }) got, err := settingsManager.GetKustomizeSettings() - assert.EqualError(t, err, "failed to add kustomize version from \"kustomize.version.v3.2.1\": found duplicate kustomize version: v3.2.1") + assert.ErrorContains(t, err, "found duplicate kustomize version: v3.2.1") assert.Empty(t, got) }) From d836ec393d32b7d1040abfb76e59b57201e2ee57 Mon Sep 17 00:00:00 2001 From: xashr <103113861+xashr@users.noreply.github.com> Date: Fri, 4 Aug 2023 22:16:58 +0200 Subject: [PATCH 089/105] fix: Change underscore (_) back to plus (+) to get valid SemVer when when reading tags from OCI registry (#14537) * fix: Change underscore (_) back to plus (+) to get valid SemVer when reading tags from OCI registry Signed-off-by: xashr * Add test coverage for SemVer tags in TestGetTagsFromUrl Signed-off-by: xashr --------- Signed-off-by: xashr --- util/helm/client.go | 9 +++++++-- util/helm/client_test.go | 20 +++++++++++++++++--- 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/util/helm/client.go b/util/helm/client.go index cfd9ae84dc419..fcb1e665dffb6 100644 --- a/util/helm/client.go +++ b/util/helm/client.go @@ -425,8 +425,13 @@ func (c *nativeHelmChart) GetTags(chart string, noCache bool) (*TagsList, error) } ctx := context.Background() - err = repo.Tags(ctx, "", func(tagResult []string) error { - tags.Tags = append(tags.Tags, tagResult...) + err = repo.Tags(ctx, "", func(tagsResult []string) error { + for _, tag := range tagsResult { + // By convention: Change underscore (_) back to plus (+) to get valid SemVer + convertedTag := strings.ReplaceAll(tag, "_", "+") + tags.Tags = append(tags.Tags, convertedTag) + } + return nil }) diff --git a/util/helm/client_test.go b/util/helm/client_test.go index 67bb332a6007f..63b57b7fa5180 100644 --- a/util/helm/client_test.go +++ b/util/helm/client_test.go @@ -160,7 +160,14 @@ func TestGetTagsFromUrl(t *testing.T) { w.Header().Set("Link", fmt.Sprintf("; rel=next", r.Host, r.URL.Path)) responseTags.Tags = []string{"first"} } else { - responseTags.Tags = []string{"second"} + responseTags.Tags = []string{ + "second", + "2.8.0", + "2.8.0-prerelease", + "2.8.0_build", + "2.8.0-prerelease_build", + "2.8.0-prerelease.1_build.1234", + } } w.WriteHeader(http.StatusOK) err := json.NewEncoder(w).Encode(responseTags) @@ -173,6 +180,13 @@ func TestGetTagsFromUrl(t *testing.T) { tags, err := client.GetTags("mychart", true) assert.NoError(t, err) - assert.Equal(t, tags.Tags[0], "first") - assert.Equal(t, tags.Tags[1], "second") + assert.ElementsMatch(t, tags.Tags, []string{ + "first", + "second", + "2.8.0", + "2.8.0-prerelease", + "2.8.0+build", + "2.8.0-prerelease+build", + "2.8.0-prerelease.1+build.1234", + }) } From 505f77acd1fc5214af5fd9e042a84ac88cd0692c Mon Sep 17 00:00:00 2001 From: Geoffrey MUSELLI Date: Mon, 7 Aug 2023 09:51:00 -0400 Subject: [PATCH 090/105] fix(appset): typo in ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS (#14902) (#14913) Signed-off-by: gmuselli --- .../argocd-applicationset-controller-deployment.yaml | 2 +- manifests/core-install.yaml | 2 +- manifests/ha/install.yaml | 2 +- manifests/ha/namespace-install.yaml | 2 +- manifests/install.yaml | 2 +- manifests/namespace-install.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml b/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml index 0532408c041d0..ff7cf84c3e60a 100644 --- a/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml +++ b/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml @@ -133,7 +133,7 @@ spec: key: applicationsetcontroller.scm.root.ca.path name: argocd-cmd-params-cm optional: true - - name: ARGOCD_APPLICATIONSET_ALLOWED_SCM_PROVIDERS + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS valueFrom: configMapKeyRef: name: argocd-cmd-params-cm diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 57fd9c59e0096..49aeaddd46fd1 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -18880,7 +18880,7 @@ spec: key: applicationsetcontroller.scm.root.ca.path name: argocd-cmd-params-cm optional: true - - name: ARGOCD_APPLICATIONSET_ALLOWED_SCM_PROVIDERS + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS valueFrom: configMapKeyRef: key: applicationsetcontroller.allowed.scm.providers diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index 32af12f520847..bbb357b2cd595 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -20117,7 +20117,7 @@ spec: key: applicationsetcontroller.scm.root.ca.path name: argocd-cmd-params-cm optional: true - - name: ARGOCD_APPLICATIONSET_ALLOWED_SCM_PROVIDERS + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS valueFrom: configMapKeyRef: key: applicationsetcontroller.allowed.scm.providers diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index fc602ccaa124e..9c6be39785fec 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -1629,7 +1629,7 @@ spec: key: applicationsetcontroller.scm.root.ca.path name: argocd-cmd-params-cm optional: true - - name: ARGOCD_APPLICATIONSET_ALLOWED_SCM_PROVIDERS + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS valueFrom: configMapKeyRef: key: applicationsetcontroller.allowed.scm.providers diff --git a/manifests/install.yaml b/manifests/install.yaml index 5f07ae5ca4719..ee1212b1f90c9 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -19218,7 +19218,7 @@ spec: key: applicationsetcontroller.scm.root.ca.path name: argocd-cmd-params-cm optional: true - - name: ARGOCD_APPLICATIONSET_ALLOWED_SCM_PROVIDERS + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS valueFrom: configMapKeyRef: key: applicationsetcontroller.allowed.scm.providers diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index fec1f4214741f..415ea143c5b64 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -730,7 +730,7 @@ spec: key: applicationsetcontroller.scm.root.ca.path name: argocd-cmd-params-cm optional: true - - name: ARGOCD_APPLICATIONSET_ALLOWED_SCM_PROVIDERS + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS valueFrom: configMapKeyRef: key: applicationsetcontroller.allowed.scm.providers From 18e9edccae4bf59e52ea86999dd009c42461b22d Mon Sep 17 00:00:00 2001 From: Alexander Matyushentsev Date: Mon, 7 Aug 2023 07:33:09 -0700 Subject: [PATCH 091/105] feat: provide short revision in ARGOCD_APP_REVISION_SHORT env variable (#14926) Signed-off-by: Alexander Matyushentsev --- docs/user-guide/build-environment.md | 3 ++- reposerver/repository/repository.go | 5 +++++ reposerver/repository/repository_test.go | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/user-guide/build-environment.md b/docs/user-guide/build-environment.md index 56f6e6b436463..8e2448f4f9e7f 100644 --- a/docs/user-guide/build-environment.md +++ b/docs/user-guide/build-environment.md @@ -3,10 +3,11 @@ [Custom tools](../operator-manual/config-management-plugins.md), [Helm](helm.md), [Jsonnet](jsonnet.md), and [Kustomize](kustomize.md) support the following build env vars: | Variable | Description | -| ----------------------------------- | ----------------------------------------------------------------------- | +|-------------------------------------|-------------------------------------------------------------------------| | `ARGOCD_APP_NAME` | The name of the application. | | `ARGOCD_APP_NAMESPACE` | The destination namespace of the application. | | `ARGOCD_APP_REVISION` | The resolved revision, e.g. `f913b6cbf58aa5ae5ca1f8a2b149477aebcbd9d8`. | +| `ARGOCD_APP_REVISION_SHORT` | The resolved short revision, e.g. `f913b6c`. | | `ARGOCD_APP_SOURCE_PATH` | The path of the app within the source repo. | | `ARGOCD_APP_SOURCE_REPO_URL` | The source repo URL. | | `ARGOCD_APP_SOURCE_TARGET_REVISION` | The target revision from the spec, e.g. `master`. | diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index c0ed6f02e27c6..25a5a0f937e3b 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -1412,10 +1412,15 @@ func GenerateManifests(ctx context.Context, appPath, repoRoot, revision string, } func newEnv(q *apiclient.ManifestRequest, revision string) *v1alpha1.Env { + shortRevision := revision + if len(shortRevision) > 7 { + shortRevision = shortRevision[:7] + } return &v1alpha1.Env{ &v1alpha1.EnvEntry{Name: "ARGOCD_APP_NAME", Value: q.AppName}, &v1alpha1.EnvEntry{Name: "ARGOCD_APP_NAMESPACE", Value: q.Namespace}, &v1alpha1.EnvEntry{Name: "ARGOCD_APP_REVISION", Value: revision}, + &v1alpha1.EnvEntry{Name: "ARGOCD_APP_REVISION_SHORT", Value: shortRevision}, &v1alpha1.EnvEntry{Name: "ARGOCD_APP_SOURCE_REPO_URL", Value: q.Repo.Repo}, &v1alpha1.EnvEntry{Name: "ARGOCD_APP_SOURCE_PATH", Value: q.ApplicationSource.Path}, &v1alpha1.EnvEntry{Name: "ARGOCD_APP_SOURCE_TARGET_REVISION", Value: q.ApplicationSource.TargetRevision}, diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go index 0e13aa352e6d8..18429b7665ab7 100644 --- a/reposerver/repository/repository_test.go +++ b/reposerver/repository/repository_test.go @@ -1465,6 +1465,7 @@ func Test_newEnv(t *testing.T) { &argoappv1.EnvEntry{Name: "ARGOCD_APP_NAME", Value: "my-app-name"}, &argoappv1.EnvEntry{Name: "ARGOCD_APP_NAMESPACE", Value: "my-namespace"}, &argoappv1.EnvEntry{Name: "ARGOCD_APP_REVISION", Value: "my-revision"}, + &argoappv1.EnvEntry{Name: "ARGOCD_APP_REVISION_SHORT", Value: "my-revi"}, &argoappv1.EnvEntry{Name: "ARGOCD_APP_SOURCE_REPO_URL", Value: "https://github.com/my-org/my-repo"}, &argoappv1.EnvEntry{Name: "ARGOCD_APP_SOURCE_PATH", Value: "my-path"}, &argoappv1.EnvEntry{Name: "ARGOCD_APP_SOURCE_TARGET_REVISION", Value: "my-target-revision"}, From 77e17932c2409fb14113bebc2a578fc1214e598e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Aug 2023 10:35:50 -0400 Subject: [PATCH 092/105] chore(deps): bump github.com/aws/aws-sdk-go from 1.44.312 to 1.44.317 (#14925) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.312 to 1.44.317. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.312...v1.44.317) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 537f3f1653ee9..8ed8fa63fa36d 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/argoproj/gitops-engine v0.7.1-0.20230607163028-425d65e07695 github.com/argoproj/notifications-engine v0.4.1-0.20230620204159-3446d4ae8520 github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 - github.com/aws/aws-sdk-go v1.44.312 + github.com/aws/aws-sdk-go v1.44.317 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.6.0 diff --git a/go.sum b/go.sum index 55c25a7ab45f2..25a157074bd6a 100644 --- a/go.sum +++ b/go.sum @@ -733,8 +733,8 @@ github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.312 h1:llrElfzeqG/YOLFFKjg1xNpZCFJ2xraIi3PqSuP+95k= -github.com/aws/aws-sdk-go v1.44.312/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.317 h1:+8XWrLmGMwPPXSRSLPzhgcGnzJ2mYkgkrcB9C/GnSOU= +github.com/aws/aws-sdk-go v1.44.317/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= From d3c9f91c46943c7958e464660a0ac7bf4cb106de Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Aug 2023 10:37:28 -0400 Subject: [PATCH 093/105] chore(deps): bump golang.org/x/oauth2 from 0.10.0 to 0.11.0 (#14922) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.10.0 to 0.11.0. - [Commits](https://github.com/golang/oauth2/compare/v0.10.0...v0.11.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 12 ++++++------ go.sum | 18 ++++++++++++------ 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 8ed8fa63fa36d..e3eea7a804b99 100644 --- a/go.mod +++ b/go.mod @@ -77,11 +77,11 @@ require ( go.opentelemetry.io/otel v1.16.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.16.0 go.opentelemetry.io/otel/sdk v1.16.0 - golang.org/x/crypto v0.11.0 + golang.org/x/crypto v0.12.0 golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 - golang.org/x/oauth2 v0.10.0 + golang.org/x/oauth2 v0.11.0 golang.org/x/sync v0.3.0 - golang.org/x/term v0.10.0 + golang.org/x/term v0.11.0 google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc google.golang.org/grpc v1.56.2 google.golang.org/protobuf v1.31.0 @@ -247,9 +247,9 @@ require ( go.opentelemetry.io/proto/otlp v0.19.0 // indirect go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd // indirect golang.org/x/mod v0.9.0 // indirect - golang.org/x/net v0.12.0 // indirect - golang.org/x/sys v0.10.0 // indirect - golang.org/x/text v0.11.0 // indirect + golang.org/x/net v0.14.0 // indirect + golang.org/x/sys v0.11.0 // indirect + golang.org/x/text v0.12.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.7.0 // indirect gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 // indirect diff --git a/go.sum b/go.sum index 25a157074bd6a..28695dba8b53d 100644 --- a/go.sum +++ b/go.sum @@ -1976,8 +1976,9 @@ golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2Uz golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= -golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= +golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= +golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2128,8 +2129,9 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= -golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50= golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= +golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= +golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2162,8 +2164,9 @@ golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8= golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= +golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU= +golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2321,8 +2324,9 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= +golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -2334,8 +2338,9 @@ golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= -golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c= golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= +golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0= +golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2353,8 +2358,9 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc= +golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From 9a0c3cfe5cba8be622b211cda6ff338c40dee33a Mon Sep 17 00:00:00 2001 From: German Lashevich Date: Mon, 7 Aug 2023 14:45:04 +0000 Subject: [PATCH 094/105] docs: Update Generators-Git.md (#14921) Remove a misleading symbol from the pattern for the path.Match function. The pipe symbol doesn't have any special meaning. Signed-off-by: German Lashevich --- docs/operator-manual/applicationset/Generators-Git.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/operator-manual/applicationset/Generators-Git.md b/docs/operator-manual/applicationset/Generators-Git.md index 690495dccfee5..25923a4a75d83 100644 --- a/docs/operator-manual/applicationset/Generators-Git.md +++ b/docs/operator-manual/applicationset/Generators-Git.md @@ -157,7 +157,7 @@ Or, a shorter way (using [path.Match](https://golang.org/pkg/path/#Match) syntax ```yaml - path: /d/* -- path: /d/[f|g] +- path: /d/[fg] exclude: true ``` From 9d9b872f72d673e2989dd2df06635fd291777469 Mon Sep 17 00:00:00 2001 From: JesseBot Date: Mon, 7 Aug 2023 16:57:47 +0200 Subject: [PATCH 095/105] docs: Update helm.md - add missing syntax highlighting for YAML and Dockerfile blocks (#14911) Signed-off-by: JesseBot --- docs/user-guide/helm.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/user-guide/helm.md b/docs/user-guide/helm.md index bf5fbfdb186e6..5c8b8c020adf5 100644 --- a/docs/user-guide/helm.md +++ b/docs/user-guide/helm.md @@ -54,7 +54,7 @@ source: Argo CD supports the equivalent of a values file directly in the Application manifest using the `source.helm.valuesObject` key. -``` +```yaml source: helm: valuesObject: @@ -75,7 +75,7 @@ source: Alternatively, values can be passed in as a string using the `source.helm.values` key. -``` +```yaml source: helm: values: | @@ -254,7 +254,7 @@ One way to use this plugin is to prepare your own ArgoCD image where it is inclu Example `Dockerfile`: -``` +```dockerfile FROM argoproj/argocd:v1.5.7 USER root @@ -284,7 +284,7 @@ Some users find this pattern preferable to maintaining their own version of the Below is an example of how to add Helm plugins when installing ArgoCD with the [official ArgoCD helm chart](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd): -``` +```yaml repoServer: volumes: - name: gcp-credentials From 68c33729ba16d534985d666cbcccc23f1e8758ff Mon Sep 17 00:00:00 2001 From: Vipin M S <40431065+vipinachar@users.noreply.github.com> Date: Mon, 7 Aug 2023 20:31:23 +0530 Subject: [PATCH 096/105] fix(ui): COPY JSON for ArgoCD version should include trailing newline (#5117) (#14917) Signed-off-by: Vipin M S --- .../app/shared/components/version-info/version-info-panel.tsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/src/app/shared/components/version-info/version-info-panel.tsx b/ui/src/app/shared/components/version-info/version-info-panel.tsx index 3e36fd9105519..8622b762c8a5a 100644 --- a/ui/src/app/shared/components/version-info/version-info-panel.tsx +++ b/ui/src/app/shared/components/version-info/version-info-panel.tsx @@ -105,7 +105,7 @@ export class VersionPanel extends React.Component { - const stringifiedVersion = JSON.stringify(version, undefined, 4); + const stringifiedVersion = JSON.stringify(version, undefined, 4) + '\n'; try { await navigator.clipboard.writeText(stringifiedVersion); this.setState({copyState: 'success'}); From 9331a9f05e3103f160c0f8ac843c56e63cb4987c Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 7 Aug 2023 18:23:57 +0000 Subject: [PATCH 097/105] [Bot] docs: Update Snyk reports (#14919) Signed-off-by: CI Co-authored-by: CI --- docs/snyk/index.md | 60 +- docs/snyk/master/argocd-iac-install.html | 82 +- .../master/argocd-iac-namespace-install.html | 2 +- docs/snyk/master/argocd-test.html | 4 +- .../master/ghcr.io_dexidp_dex_v2.37.0.html | 290 ++++- docs/snyk/master/haproxy_2.6.14-alpine.html | 189 ++- .../quay.io_argoproj_argocd_latest.html | 455 +------ docs/snyk/master/redis_7.0.11-alpine.html | 189 ++- docs/snyk/v2.5.21/argocd-iac-install.html | 2 +- .../v2.5.21/argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.5.21/argocd-test.html | 2 +- .../v2.5.21/ghcr.io_dexidp_dex_v2.37.0.html | 290 ++++- docs/snyk/v2.5.21/haproxy_2.6.14-alpine.html | 189 ++- .../quay.io_argoproj_argocd_v2.5.21.html | 522 ++------ docs/snyk/v2.5.21/redis_7.0.11-alpine.html | 189 ++- docs/snyk/v2.6.13/argocd-iac-install.html | 2 +- .../v2.6.13/argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.6.13/argocd-test.html | 2 +- .../v2.6.13/ghcr.io_dexidp_dex_v2.37.0.html | 290 ++++- docs/snyk/v2.6.13/haproxy_2.6.14-alpine.html | 189 ++- .../quay.io_argoproj_argocd_v2.6.13.html | 522 ++------ docs/snyk/v2.6.13/redis_7.0.11-alpine.html | 189 ++- .../argocd-iac-install.html | 2 +- .../argocd-iac-namespace-install.html | 2 +- .../snyk/{v2.7.9 => v2.7.10}/argocd-test.html | 2 +- .../v2.7.10/ghcr.io_dexidp_dex_v2.37.0.html | 1079 +++++++++++++++++ .../haproxy_2.6.14-alpine.html | 189 ++- .../quay.io_argoproj_argocd_v2.7.10.html} | 634 +++------- .../redis_7.0.11-alpine.html | 189 ++- .../v2.7.9/ghcr.io_dexidp_dex_v2.37.0.html | 797 ------------ .../ghcr.io_dexidp_dex_v2.37.0.html | 797 ------------ .../argocd-iac-install.html | 64 +- .../argocd-iac-namespace-install.html | 64 +- .../argocd-test.html | 4 +- .../ghcr.io_dexidp_dex_v2.37.0.html | 1079 +++++++++++++++++ .../haproxy_2.6.14-alpine.html | 189 ++- .../quay.io_argoproj_argocd_v2.8.0-rc7.html} | 830 ++----------- .../redis_7.0.11-alpine.html | 189 ++- 38 files changed, 5466 insertions(+), 4307 deletions(-) rename docs/snyk/{v2.7.9 => v2.7.10}/argocd-iac-install.html (99%) rename docs/snyk/{v2.7.9 => v2.7.10}/argocd-iac-namespace-install.html (99%) rename docs/snyk/{v2.7.9 => v2.7.10}/argocd-test.html (99%) create mode 100644 docs/snyk/v2.7.10/ghcr.io_dexidp_dex_v2.37.0.html rename docs/snyk/{v2.7.9 => v2.7.10}/haproxy_2.6.14-alpine.html (75%) rename docs/snyk/{v2.8.0-rc6/quay.io_argoproj_argocd_v2.8.0-rc6.html => v2.7.10/quay.io_argoproj_argocd_v2.7.10.html} (79%) rename docs/snyk/{v2.7.9 => v2.7.10}/redis_7.0.11-alpine.html (75%) delete mode 100644 docs/snyk/v2.7.9/ghcr.io_dexidp_dex_v2.37.0.html delete mode 100644 docs/snyk/v2.8.0-rc6/ghcr.io_dexidp_dex_v2.37.0.html rename docs/snyk/{v2.8.0-rc6 => v2.8.0-rc7}/argocd-iac-install.html (98%) rename docs/snyk/{v2.8.0-rc6 => v2.8.0-rc7}/argocd-iac-namespace-install.html (98%) rename docs/snyk/{v2.8.0-rc6 => v2.8.0-rc7}/argocd-test.html (99%) create mode 100644 docs/snyk/v2.8.0-rc7/ghcr.io_dexidp_dex_v2.37.0.html rename docs/snyk/{v2.8.0-rc6 => v2.8.0-rc7}/haproxy_2.6.14-alpine.html (75%) rename docs/snyk/{v2.7.9/quay.io_argoproj_argocd_v2.7.9.html => v2.8.0-rc7/quay.io_argoproj_argocd_v2.8.0-rc7.html} (74%) rename docs/snyk/{v2.8.0-rc6 => v2.8.0-rc7}/redis_7.0.11-alpine.html (75%) diff --git a/docs/snyk/index.md b/docs/snyk/index.md index 4908a8bed515f..386f930c6ac2c 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md @@ -15,38 +15,38 @@ recent minor releases. |---:|:--------:|:----:|:------:|:---:| | [go.mod](master/argocd-test.html) | 0 | 1 | 0 | 0 | | [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 0 | 0 | -| [dex:v2.37.0](master/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 2 | 0 | -| [haproxy:2.6.14-alpine](master/haproxy_2.6.14-alpine.html) | 0 | 0 | 2 | 0 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 3 | 15 | -| [redis:7.0.11-alpine](master/redis_7.0.11-alpine.html) | 0 | 0 | 2 | 0 | +| [dex:v2.37.0](master/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 2 | 1 | +| [haproxy:2.6.14-alpine](master/haproxy_2.6.14-alpine.html) | 0 | 0 | 2 | 1 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 1 | 15 | +| [redis:7.0.11-alpine](master/redis_7.0.11-alpine.html) | 0 | 0 | 2 | 1 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.8.0-rc6 +### v2.8.0-rc7 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.8.0-rc6/argocd-test.html) | 0 | 1 | 0 | 0 | -| [ui/yarn.lock](v2.8.0-rc6/argocd-test.html) | 0 | 0 | 0 | 0 | -| [dex:v2.37.0](v2.8.0-rc6/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 2 | 0 | -| [haproxy:2.6.14-alpine](v2.8.0-rc6/haproxy_2.6.14-alpine.html) | 0 | 0 | 2 | 0 | -| [argocd:v2.8.0-rc6](v2.8.0-rc6/quay.io_argoproj_argocd_v2.8.0-rc6.html) | 0 | 0 | 3 | 15 | -| [redis:7.0.11-alpine](v2.8.0-rc6/redis_7.0.11-alpine.html) | 0 | 0 | 2 | 0 | -| [install.yaml](v2.8.0-rc6/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.8.0-rc6/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.8.0-rc7/argocd-test.html) | 0 | 1 | 0 | 0 | +| [ui/yarn.lock](v2.8.0-rc7/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.37.0](v2.8.0-rc7/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 2 | 1 | +| [haproxy:2.6.14-alpine](v2.8.0-rc7/haproxy_2.6.14-alpine.html) | 0 | 0 | 2 | 1 | +| [argocd:v2.8.0-rc7](v2.8.0-rc7/quay.io_argoproj_argocd_v2.8.0-rc7.html) | 0 | 0 | 1 | 15 | +| [redis:7.0.11-alpine](v2.8.0-rc7/redis_7.0.11-alpine.html) | 0 | 0 | 2 | 1 | +| [install.yaml](v2.8.0-rc7/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.8.0-rc7/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.7.9 +### v2.7.10 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.7.9/argocd-test.html) | 0 | 0 | 0 | 0 | -| [ui/yarn.lock](v2.7.9/argocd-test.html) | 0 | 1 | 0 | 0 | -| [dex:v2.37.0](v2.7.9/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 2 | 0 | -| [haproxy:2.6.14-alpine](v2.7.9/haproxy_2.6.14-alpine.html) | 0 | 0 | 2 | 0 | -| [argocd:v2.7.9](v2.7.9/quay.io_argoproj_argocd_v2.7.9.html) | 0 | 0 | 4 | 15 | -| [redis:7.0.11-alpine](v2.7.9/redis_7.0.11-alpine.html) | 0 | 0 | 2 | 0 | -| [install.yaml](v2.7.9/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.7.9/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.7.10/argocd-test.html) | 0 | 0 | 0 | 0 | +| [ui/yarn.lock](v2.7.10/argocd-test.html) | 0 | 1 | 0 | 0 | +| [dex:v2.37.0](v2.7.10/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 2 | 1 | +| [haproxy:2.6.14-alpine](v2.7.10/haproxy_2.6.14-alpine.html) | 0 | 0 | 2 | 1 | +| [argocd:v2.7.10](v2.7.10/quay.io_argoproj_argocd_v2.7.10.html) | 0 | 0 | 1 | 15 | +| [redis:7.0.11-alpine](v2.7.10/redis_7.0.11-alpine.html) | 0 | 0 | 2 | 1 | +| [install.yaml](v2.7.10/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.7.10/argocd-iac-namespace-install.html) | - | - | - | - | ### v2.6.13 @@ -54,10 +54,10 @@ recent minor releases. |---:|:--------:|:----:|:------:|:---:| | [go.mod](v2.6.13/argocd-test.html) | 0 | 0 | 0 | 0 | | [ui/yarn.lock](v2.6.13/argocd-test.html) | 0 | 1 | 0 | 0 | -| [dex:v2.37.0](v2.6.13/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 2 | 0 | -| [haproxy:2.6.14-alpine](v2.6.13/haproxy_2.6.14-alpine.html) | 0 | 0 | 2 | 0 | -| [argocd:v2.6.13](v2.6.13/quay.io_argoproj_argocd_v2.6.13.html) | 0 | 0 | 4 | 15 | -| [redis:7.0.11-alpine](v2.6.13/redis_7.0.11-alpine.html) | 0 | 0 | 2 | 0 | +| [dex:v2.37.0](v2.6.13/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 2 | 1 | +| [haproxy:2.6.14-alpine](v2.6.13/haproxy_2.6.14-alpine.html) | 0 | 0 | 2 | 1 | +| [argocd:v2.6.13](v2.6.13/quay.io_argoproj_argocd_v2.6.13.html) | 0 | 0 | 2 | 15 | +| [redis:7.0.11-alpine](v2.6.13/redis_7.0.11-alpine.html) | 0 | 0 | 2 | 1 | | [install.yaml](v2.6.13/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.6.13/argocd-iac-namespace-install.html) | - | - | - | - | @@ -67,9 +67,9 @@ recent minor releases. |---:|:--------:|:----:|:------:|:---:| | [go.mod](v2.5.21/argocd-test.html) | 0 | 0 | 2 | 0 | | [ui/yarn.lock](v2.5.21/argocd-test.html) | 0 | 1 | 4 | 0 | -| [dex:v2.37.0](v2.5.21/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 2 | 0 | -| [haproxy:2.6.14-alpine](v2.5.21/haproxy_2.6.14-alpine.html) | 0 | 0 | 2 | 0 | -| [argocd:v2.5.21](v2.5.21/quay.io_argoproj_argocd_v2.5.21.html) | 0 | 0 | 4 | 15 | -| [redis:7.0.11-alpine](v2.5.21/redis_7.0.11-alpine.html) | 0 | 0 | 2 | 0 | +| [dex:v2.37.0](v2.5.21/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 2 | 1 | +| [haproxy:2.6.14-alpine](v2.5.21/haproxy_2.6.14-alpine.html) | 0 | 0 | 2 | 1 | +| [argocd:v2.5.21](v2.5.21/quay.io_argoproj_argocd_v2.5.21.html) | 0 | 0 | 2 | 15 | +| [redis:7.0.11-alpine](v2.5.21/redis_7.0.11-alpine.html) | 0 | 0 | 2 | 1 | | [install.yaml](v2.5.21/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.5.21/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index dfe207c217a92..e09c623374e61 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      July 30th 2023, 12:18:08 am (UTC+00:00)

      +

      August 6th 2023, 12:16:29 am (UTC+00:00)

      Scanned the following path: @@ -507,7 +507,7 @@

      Role with dangerous permissions

    • - Line number: 18466 + Line number: 18472
    @@ -553,7 +553,7 @@

    Role with dangerous permissions

  • - Line number: 18543 + Line number: 18549
  • @@ -599,7 +599,7 @@

    Role with dangerous permissions

  • - Line number: 18571 + Line number: 18577
  • @@ -645,7 +645,7 @@

    Role with dangerous permissions

  • - Line number: 18619 + Line number: 18625
  • @@ -691,7 +691,7 @@

    Role with dangerous permissions

  • - Line number: 18601 + Line number: 18607
  • @@ -737,7 +737,7 @@

    Role with dangerous permissions

  • - Line number: 18635 + Line number: 18641
  • @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 19731 + Line number: 19737
  • @@ -847,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 19106 + Line number: 19112
  • @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 19339 + Line number: 19345
  • @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 19305 + Line number: 19311
  • @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 19399 + Line number: 19405
  • @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 19486 + Line number: 19492
  • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 19731 + Line number: 19737
  • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 19543 + Line number: 19549
  • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 19816 + Line number: 19822
  • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 20132 + Line number: 20138
  • @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 19319 + Line number: 19325
  • @@ -1415,7 +1415,7 @@

    Container is running without liveness probe

  • - Line number: 19106 + Line number: 19112
  • @@ -1467,7 +1467,7 @@

    Container is running without liveness probe

  • - Line number: 19305 + Line number: 19311
  • @@ -1519,7 +1519,7 @@

    Container is running without liveness probe

  • - Line number: 19339 + Line number: 19345
  • @@ -1571,7 +1571,7 @@

    Container is running without liveness probe

  • - Line number: 19486 + Line number: 19492
  • @@ -1623,7 +1623,7 @@

    Container is running without liveness probe

  • - Line number: 19731 + Line number: 19737
  • @@ -1681,7 +1681,7 @@

    Container is running without memory limit

  • - Line number: 19106 + Line number: 19112
  • @@ -1739,7 +1739,7 @@

    Container is running without memory limit

  • - Line number: 19305 + Line number: 19311
  • @@ -1797,7 +1797,7 @@

    Container is running without memory limit

  • - Line number: 19339 + Line number: 19345
  • @@ -1855,7 +1855,7 @@

    Container is running without memory limit

  • - Line number: 19399 + Line number: 19405
  • @@ -1913,7 +1913,7 @@

    Container is running without memory limit

  • - Line number: 19486 + Line number: 19492
  • @@ -1971,7 +1971,7 @@

    Container is running without memory limit

  • - Line number: 19731 + Line number: 19737
  • @@ -2029,7 +2029,7 @@

    Container is running without memory limit

  • - Line number: 19543 + Line number: 19549
  • @@ -2087,7 +2087,7 @@

    Container is running without memory limit

  • - Line number: 19816 + Line number: 19822
  • @@ -2145,7 +2145,7 @@

    Container is running without memory limit

  • - Line number: 20132 + Line number: 20138
  • @@ -2201,7 +2201,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19229 + Line number: 19235
  • @@ -2257,7 +2257,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19347 + Line number: 19353
  • @@ -2313,7 +2313,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19322 + Line number: 19328
  • @@ -2369,7 +2369,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19420 + Line number: 19426
  • @@ -2425,7 +2425,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19496 + Line number: 19502
  • @@ -2481,7 +2481,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19738 + Line number: 19744
  • @@ -2537,7 +2537,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19704 + Line number: 19710
  • @@ -2593,7 +2593,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 20042 + Line number: 20048
  • @@ -2649,7 +2649,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 20280 + Line number: 20286
  • diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index 163793f6f7d11..8681140fe63db 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:18:20 am (UTC+00:00)

    +

    August 6th 2023, 12:16:42 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index 9555410285bfd..c81da2fd13242 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:15:46 am (UTC+00:00)

    +

    August 6th 2023, 12:14:07 am (UTC+00:00)

    Scanned the following paths: @@ -468,7 +468,7 @@

    Snyk test report

    1 known vulnerabilities
    1 vulnerable dependency paths
    -
    1812 dependencies
    +
    1859 dependencies
    diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.37.0.html index 862f1052a09f2..e4081cb340c45 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.37.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:15:57 am (UTC+00:00)

    +

    August 6th 2023, 12:14:19 am (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    2 known vulnerabilities
    -
    14 vulnerable dependency paths
    +
    4 known vulnerabilities
    +
    22 vulnerable dependency paths
    786 dependencies
    @@ -780,6 +780,8 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org

  • @@ -789,6 +791,286 @@

    References

    +
    +

    Cross-site Scripting (XSS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + golang.org/x/net/html +
    • + +
    • Introduced through: + + github.com/dexidp/dex@* and golang.org/x/net/html@v0.11.0 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/dexidp/dex@* + + golang.org/x/net/html@v0.11.0 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

    +

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the render1() function in render.go. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be.

    +

    Details

    +

    A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

    +

    This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

    +

    Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

    +

    Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

    +

    The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

    +

    Types of attacks

    +

    There are a few methods by which XSS can be manipulated:

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    TypeOriginDescription
    StoredServerThe malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
    ReflectedServerThe attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
    DOM-basedClientThe attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
    MutatedThe attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.
    +

    Affected environments

    +

    The following environments are susceptible to an XSS attack:

    +
      +
    • Web servers
    • +
    • Application servers
    • +
    • Web application environments
    • +
    +

    How to prevent

    +

    This section describes the top best practices designed to specifically protect your code:

    +
      +
    • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
    • +
    • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
    • +
    • Give users the option to disable client-side scripts.
    • +
    • Redirect invalid requests.
    • +
    • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
    • +
    • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
    • +
    • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.
    • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/html to version 0.13.0 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2023-3817

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    +

    References

    + + +
    + + + +
    diff --git a/docs/snyk/master/haproxy_2.6.14-alpine.html b/docs/snyk/master/haproxy_2.6.14-alpine.html index fc3c8a2a7e8cb..cabb372c109f5 100644 --- a/docs/snyk/master/haproxy_2.6.14-alpine.html +++ b/docs/snyk/master/haproxy_2.6.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:16:03 am (UTC+00:00)

    +

    August 6th 2023, 12:14:24 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    2 known vulnerabilities
    -
    18 vulnerable dependency paths
    +
    3 known vulnerabilities
    +
    27 vulnerable dependency paths
    18 dependencies
    @@ -833,6 +833,8 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org

  • @@ -842,6 +844,185 @@

    References

    +
    +

    CVE-2023-3817

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    +

    References

    + + +
    + + + +
    diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index 3696a95cf6e6b..e47e9c2a08848 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:16:27 am (UTC+00:00)

    +

    August 6th 2023, 12:14:47 am (UTC+00:00)

    Scanned the following paths: @@ -466,9 +466,9 @@

    Snyk test report

    -
    19 known vulnerabilities
    -
    101 vulnerable dependency paths
    -
    2121 dependencies
    +
    17 known vulnerabilities
    +
    74 vulnerable dependency paths
    +
    2126 dependencies
    @@ -557,7 +557,7 @@

    References

    -

    Improper Validation of Integrity Check Value

    +

    CVE-2023-4016

    @@ -573,12 +573,12 @@

    Improper Validation of Integrity Check Value

  • Vulnerable module: - systemd/libsystemd0 + procps/libprocps8
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and systemd/libsystemd0@249.11-0ubuntu3.9 + docker-image|quay.io/argoproj/argocd@latest and procps/libprocps8@2:3.3.17-6ubuntu2
  • @@ -589,351 +589,11 @@

    Improper Validation of Integrity Check Value

    Detailed paths

      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - apt@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - procps/libprocps8@2:3.3.17-6ubuntu2 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - util-linux@2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - util-linux/bsdutils@1:2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - libfido2/libfido2-1@1.10.0-1 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - util-linux@2.37.2-4ubuntu3 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ** DISPUTED ** An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 systemd.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Validation of Integrity Check Value

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - systemd/libsystemd0 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and systemd/libsystemd0@249.11-0ubuntu3.9 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - apt@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • Introduced through: docker-image|quay.io/argoproj/argocd@latest procps/libprocps8@2:3.3.17-6ubuntu2 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - util-linux@2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - util-linux/bsdutils@1:2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - libfido2/libfido2-1@1.10.0-1 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - util-linux@2.37.2-4ubuntu3 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 systemd.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Validation of Integrity Check Value

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - systemd/libsystemd0 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and systemd/libsystemd0@249.11-0ubuntu3.9 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - systemd/libsystemd0@249.11-0ubuntu3.9 @@ -942,31 +602,9 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest + procps@2:3.3.17-6ubuntu2 procps/libprocps8@2:3.3.17-6ubuntu2 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - util-linux@2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 @@ -975,66 +613,7 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - util-linux/bsdutils@1:2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - libfido2/libfido2-1@1.10.0-1 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - util-linux@2.37.2-4ubuntu3 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libudev1@249.11-0ubuntu3.9 + procps@2:3.3.17-6ubuntu2 @@ -1046,23 +625,21 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream procps package and not the procps package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      ** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

      +

      Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 systemd.

      +

      There is no fixed version for Ubuntu:22.04 procps.

      References


    diff --git a/docs/snyk/master/redis_7.0.11-alpine.html b/docs/snyk/master/redis_7.0.11-alpine.html index ce6e2ec055b70..d50f12a8913d2 100644 --- a/docs/snyk/master/redis_7.0.11-alpine.html +++ b/docs/snyk/master/redis_7.0.11-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:16:34 am (UTC+00:00)

    +

    August 6th 2023, 12:14:57 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    2 known vulnerabilities
    -
    18 vulnerable dependency paths
    +
    3 known vulnerabilities
    +
    27 vulnerable dependency paths
    18 dependencies
    @@ -833,6 +833,8 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org

  • @@ -842,6 +844,185 @@

    References

    +
    +

    CVE-2023-3817

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    +

    References

    + + +
    + + + +
    diff --git a/docs/snyk/v2.5.21/argocd-iac-install.html b/docs/snyk/v2.5.21/argocd-iac-install.html index 37f05edd7ae93..877a64411205a 100644 --- a/docs/snyk/v2.5.21/argocd-iac-install.html +++ b/docs/snyk/v2.5.21/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:28:25 am (UTC+00:00)

    +

    August 6th 2023, 12:26:07 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.5.21/argocd-iac-namespace-install.html b/docs/snyk/v2.5.21/argocd-iac-namespace-install.html index 9c1deada2701c..8eefa6b405146 100644 --- a/docs/snyk/v2.5.21/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.5.21/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:28:36 am (UTC+00:00)

    +

    August 6th 2023, 12:26:17 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.5.21/argocd-test.html b/docs/snyk/v2.5.21/argocd-test.html index 2d002a2bc03de..72561b2cb2f25 100644 --- a/docs/snyk/v2.5.21/argocd-test.html +++ b/docs/snyk/v2.5.21/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:26:48 am (UTC+00:00)

    +

    August 6th 2023, 12:24:35 am (UTC+00:00)

    Scanned the following paths: diff --git a/docs/snyk/v2.5.21/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.5.21/ghcr.io_dexidp_dex_v2.37.0.html index ef8d54b899983..06a1a8ea17ae3 100644 --- a/docs/snyk/v2.5.21/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.5.21/ghcr.io_dexidp_dex_v2.37.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:26:55 am (UTC+00:00)

    +

    August 6th 2023, 12:24:44 am (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    2 known vulnerabilities
    -
    14 vulnerable dependency paths
    +
    4 known vulnerabilities
    +
    22 vulnerable dependency paths
    786 dependencies
    @@ -780,6 +780,8 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org

  • @@ -789,6 +791,286 @@

    References

    +
    +

    Cross-site Scripting (XSS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + golang.org/x/net/html +
    • + +
    • Introduced through: + + github.com/dexidp/dex@* and golang.org/x/net/html@v0.11.0 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/dexidp/dex@* + + golang.org/x/net/html@v0.11.0 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

    +

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the render1() function in render.go. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be.

    +

    Details

    +

    A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

    +

    This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

    +

    Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

    +

    Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

    +

    The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

    +

    Types of attacks

    +

    There are a few methods by which XSS can be manipulated:

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    TypeOriginDescription
    StoredServerThe malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
    ReflectedServerThe attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
    DOM-basedClientThe attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
    MutatedThe attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.
    +

    Affected environments

    +

    The following environments are susceptible to an XSS attack:

    +
      +
    • Web servers
    • +
    • Application servers
    • +
    • Web application environments
    • +
    +

    How to prevent

    +

    This section describes the top best practices designed to specifically protect your code:

    +
      +
    • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
    • +
    • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
    • +
    • Give users the option to disable client-side scripts.
    • +
    • Redirect invalid requests.
    • +
    • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
    • +
    • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
    • +
    • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.
    • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/html to version 0.13.0 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2023-3817

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    +

    References

    + + +
    + + + +
    diff --git a/docs/snyk/v2.5.21/haproxy_2.6.14-alpine.html b/docs/snyk/v2.5.21/haproxy_2.6.14-alpine.html index c3152b9329766..43a5d3be893f2 100644 --- a/docs/snyk/v2.5.21/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.5.21/haproxy_2.6.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:27:02 am (UTC+00:00)

    +

    August 6th 2023, 12:24:49 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    2 known vulnerabilities
    -
    18 vulnerable dependency paths
    +
    3 known vulnerabilities
    +
    27 vulnerable dependency paths
    18 dependencies
    @@ -833,6 +833,8 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org

  • @@ -842,6 +844,185 @@

    References

    +
    +

    CVE-2023-3817

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    +

    References

    + + +
    + + + +
    diff --git a/docs/snyk/v2.5.21/quay.io_argoproj_argocd_v2.5.21.html b/docs/snyk/v2.5.21/quay.io_argoproj_argocd_v2.5.21.html index 3f686a2048fa4..e2703c65c69b8 100644 --- a/docs/snyk/v2.5.21/quay.io_argoproj_argocd_v2.5.21.html +++ b/docs/snyk/v2.5.21/quay.io_argoproj_argocd_v2.5.21.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:27:26 am (UTC+00:00)

    +

    August 6th 2023, 12:25:08 am (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    29 known vulnerabilities
    -
    113 vulnerable dependency paths
    +
    28 known vulnerabilities
    +
    87 vulnerable dependency paths
    2047 dependencies
    @@ -879,7 +879,7 @@

    References

    -

    Improper Validation of Integrity Check Value

    +

    CVE-2023-4016

    @@ -895,12 +895,12 @@

    Improper Validation of Integrity Check Value

  • Vulnerable module: - systemd/libsystemd0 + procps/libprocps8
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 and systemd/libsystemd0@249.11-0ubuntu3.9 + docker-image|quay.io/argoproj/argocd@v2.5.21 and procps/libprocps8@2:3.3.17-6ubuntu2
  • @@ -911,269 +911,11 @@

    Improper Validation of Integrity Check Value

    Detailed paths

      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - apt@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - procps/libprocps8@2:3.3.17-6ubuntu2 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - util-linux@2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - util-linux/bsdutils@1:2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - libfido2/libfido2-1@1.10.0-1 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - util-linux@2.37.2-4ubuntu3 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ** DISPUTED ** An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 systemd.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Validation of Integrity Check Value

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - systemd/libsystemd0 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.21 and systemd/libsystemd0@249.11-0ubuntu3.9 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - apt@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • Introduced through: docker-image|quay.io/argoproj/argocd@v2.5.21 procps/libprocps8@2:3.3.17-6ubuntu2 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - util-linux@2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - util-linux/bsdutils@1:2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - libfido2/libfido2-1@1.10.0-1 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - util-linux@2.37.2-4ubuntu3 - - systemd/libudev1@249.11-0ubuntu3.9 @@ -1182,168 +924,9 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.5.21 - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 systemd.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Validation of Integrity Check Value

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - systemd/libsystemd0 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.21 and systemd/libsystemd0@249.11-0ubuntu3.9 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - apt@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 + procps@2:3.3.17-6ubuntu2 procps/libprocps8@2:3.3.17-6ubuntu2 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - util-linux@2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - util-linux/bsdutils@1:2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - libfido2/libfido2-1@1.10.0-1 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.21 - - util-linux@2.37.2-4ubuntu3 - - systemd/libudev1@249.11-0ubuntu3.9 @@ -1352,11 +935,7 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.5.21 - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libudev1@249.11-0ubuntu3.9 + procps@2:3.3.17-6ubuntu2 @@ -1368,28 +947,26 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream procps package and not the procps package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      ** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

      +

      Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 systemd.

      +

      There is no fixed version for Ubuntu:22.04 procps.

      References


    -

    CVE-2023-38408

    +

    Unquoted Search Path or Element

    @@ -1459,6 +1036,7 @@

    References

  • cve@mitre.org
  • cve@mitre.org
  • cve@mitre.org
  • +
  • cve@mitre.org

  • @@ -1768,6 +1346,72 @@

    References

    More about this vulnerability

    +
    +
    +

    Improper Verification of Cryptographic Signature

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + golang.org/x/crypto/openpgp/clearsign +
    • + +
    • Introduced through: + + helm.sh/helm/v3@* and golang.org/x/crypto/openpgp/clearsign@v0.0.0-20220525230936-793ad666bf5e + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + helm.sh/helm/v3@* + + golang.org/x/crypto/openpgp/clearsign@v0.0.0-20220525230936-793ad666bf5e + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the crypto/openpgp/clearsign/clearsign.go component. An attacker can spoof the 'Hash' Armor Header, leading a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, the attacker can prepend arbitrary text to cleartext messages without invalidating the signatures.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/openpgp/clearsign to version 0.1.0 or higher.

    +

    References

    + + +
    + + +

    Improper Input Validation

    diff --git a/docs/snyk/v2.5.21/redis_7.0.11-alpine.html b/docs/snyk/v2.5.21/redis_7.0.11-alpine.html index d1f43de8c966f..1c90a35caf6f8 100644 --- a/docs/snyk/v2.5.21/redis_7.0.11-alpine.html +++ b/docs/snyk/v2.5.21/redis_7.0.11-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:27:31 am (UTC+00:00)

    +

    August 6th 2023, 12:25:13 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    2 known vulnerabilities
    -
    18 vulnerable dependency paths
    +
    3 known vulnerabilities
    +
    27 vulnerable dependency paths
    18 dependencies
    @@ -833,6 +833,8 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org

  • @@ -842,6 +844,185 @@

    References

    +
    +

    CVE-2023-3817

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    +

    References

    + + +
    + + + +
    diff --git a/docs/snyk/v2.6.13/argocd-iac-install.html b/docs/snyk/v2.6.13/argocd-iac-install.html index 06539ceab160c..287abd5cc29ef 100644 --- a/docs/snyk/v2.6.13/argocd-iac-install.html +++ b/docs/snyk/v2.6.13/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:26:09 am (UTC+00:00)

    +

    August 6th 2023, 12:24:07 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.6.13/argocd-iac-namespace-install.html b/docs/snyk/v2.6.13/argocd-iac-namespace-install.html index c674445ae78e9..86fa68d4ff535 100644 --- a/docs/snyk/v2.6.13/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.6.13/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:26:22 am (UTC+00:00)

    +

    August 6th 2023, 12:24:18 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.6.13/argocd-test.html b/docs/snyk/v2.6.13/argocd-test.html index 8ca8e695cfdab..cf9d2c9604c15 100644 --- a/docs/snyk/v2.6.13/argocd-test.html +++ b/docs/snyk/v2.6.13/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:23:59 am (UTC+00:00)

    +

    August 6th 2023, 12:22:11 am (UTC+00:00)

    Scanned the following paths: diff --git a/docs/snyk/v2.6.13/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.6.13/ghcr.io_dexidp_dex_v2.37.0.html index 0ec1df0924aea..e8a88abf81efe 100644 --- a/docs/snyk/v2.6.13/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.6.13/ghcr.io_dexidp_dex_v2.37.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:24:08 am (UTC+00:00)

    +

    August 6th 2023, 12:22:18 am (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    2 known vulnerabilities
    -
    14 vulnerable dependency paths
    +
    4 known vulnerabilities
    +
    22 vulnerable dependency paths
    786 dependencies
    @@ -780,6 +780,8 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org

  • @@ -789,6 +791,286 @@

    References

    +
    +

    Cross-site Scripting (XSS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + golang.org/x/net/html +
    • + +
    • Introduced through: + + github.com/dexidp/dex@* and golang.org/x/net/html@v0.11.0 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/dexidp/dex@* + + golang.org/x/net/html@v0.11.0 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

    +

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the render1() function in render.go. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be.

    +

    Details

    +

    A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

    +

    This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

    +

    Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

    +

    Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

    +

    The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

    +

    Types of attacks

    +

    There are a few methods by which XSS can be manipulated:

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    TypeOriginDescription
    StoredServerThe malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
    ReflectedServerThe attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
    DOM-basedClientThe attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
    MutatedThe attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.
    +

    Affected environments

    +

    The following environments are susceptible to an XSS attack:

    +
      +
    • Web servers
    • +
    • Application servers
    • +
    • Web application environments
    • +
    +

    How to prevent

    +

    This section describes the top best practices designed to specifically protect your code:

    +
      +
    • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
    • +
    • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
    • +
    • Give users the option to disable client-side scripts.
    • +
    • Redirect invalid requests.
    • +
    • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
    • +
    • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
    • +
    • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.
    • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/html to version 0.13.0 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2023-3817

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    +

    References

    + + +
    + + + +
    diff --git a/docs/snyk/v2.6.13/haproxy_2.6.14-alpine.html b/docs/snyk/v2.6.13/haproxy_2.6.14-alpine.html index 592806d6857c4..66737e1821f83 100644 --- a/docs/snyk/v2.6.13/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.6.13/haproxy_2.6.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:24:12 am (UTC+00:00)

    +

    August 6th 2023, 12:22:22 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    2 known vulnerabilities
    -
    18 vulnerable dependency paths
    +
    3 known vulnerabilities
    +
    27 vulnerable dependency paths
    18 dependencies
    @@ -833,6 +833,8 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org

  • @@ -842,6 +844,185 @@

    References

    +
    +

    CVE-2023-3817

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    +

    References

    + + +
    + + + +
    diff --git a/docs/snyk/v2.6.13/quay.io_argoproj_argocd_v2.6.13.html b/docs/snyk/v2.6.13/quay.io_argoproj_argocd_v2.6.13.html index d9c61189ee298..5801ea204e715 100644 --- a/docs/snyk/v2.6.13/quay.io_argoproj_argocd_v2.6.13.html +++ b/docs/snyk/v2.6.13/quay.io_argoproj_argocd_v2.6.13.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:24:42 am (UTC+00:00)

    +

    August 6th 2023, 12:22:46 am (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    27 known vulnerabilities
    -
    111 vulnerable dependency paths
    +
    26 known vulnerabilities
    +
    85 vulnerable dependency paths
    2064 dependencies
    @@ -879,7 +879,7 @@

    References

    -

    Improper Validation of Integrity Check Value

    +

    CVE-2023-4016

    @@ -895,12 +895,12 @@

    Improper Validation of Integrity Check Value

  • Vulnerable module: - systemd/libsystemd0 + procps/libprocps8
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 and systemd/libsystemd0@249.11-0ubuntu3.9 + docker-image|quay.io/argoproj/argocd@v2.6.13 and procps/libprocps8@2:3.3.17-6ubuntu2
  • @@ -911,269 +911,11 @@

    Improper Validation of Integrity Check Value

    Detailed paths

      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - apt@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - procps/libprocps8@2:3.3.17-6ubuntu2 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - util-linux@2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - util-linux/bsdutils@1:2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - libfido2/libfido2-1@1.10.0-1 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - util-linux@2.37.2-4ubuntu3 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ** DISPUTED ** An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 systemd.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Validation of Integrity Check Value

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - systemd/libsystemd0 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.6.13 and systemd/libsystemd0@249.11-0ubuntu3.9 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - apt@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • Introduced through: docker-image|quay.io/argoproj/argocd@v2.6.13 procps/libprocps8@2:3.3.17-6ubuntu2 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - util-linux@2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - util-linux/bsdutils@1:2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - libfido2/libfido2-1@1.10.0-1 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - util-linux@2.37.2-4ubuntu3 - - systemd/libudev1@249.11-0ubuntu3.9 @@ -1182,168 +924,9 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.6.13 - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 systemd.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Validation of Integrity Check Value

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - systemd/libsystemd0 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.6.13 and systemd/libsystemd0@249.11-0ubuntu3.9 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - apt@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 + procps@2:3.3.17-6ubuntu2 procps/libprocps8@2:3.3.17-6ubuntu2 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - util-linux@2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - util-linux/bsdutils@1:2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - libfido2/libfido2-1@1.10.0-1 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.13 - - util-linux@2.37.2-4ubuntu3 - - systemd/libudev1@249.11-0ubuntu3.9 @@ -1352,11 +935,7 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.6.13 - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libudev1@249.11-0ubuntu3.9 + procps@2:3.3.17-6ubuntu2 @@ -1368,28 +947,26 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream procps package and not the procps package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      ** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

      +

      Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 systemd.

      +

      There is no fixed version for Ubuntu:22.04 procps.

      References


    -

    CVE-2023-38408

    +

    Unquoted Search Path or Element

    @@ -1459,6 +1036,7 @@

    References

  • cve@mitre.org
  • cve@mitre.org
  • cve@mitre.org
  • +
  • cve@mitre.org

  • @@ -1689,6 +1267,72 @@

    References

    More about this vulnerability

    +
    +
    +

    Improper Verification of Cryptographic Signature

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + golang.org/x/crypto/openpgp/clearsign +
    • + +
    • Introduced through: + + helm.sh/helm/v3@* and golang.org/x/crypto/openpgp/clearsign@v0.0.0-20220525230936-793ad666bf5e + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + helm.sh/helm/v3@* + + golang.org/x/crypto/openpgp/clearsign@v0.0.0-20220525230936-793ad666bf5e + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the crypto/openpgp/clearsign/clearsign.go component. An attacker can spoof the 'Hash' Armor Header, leading a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, the attacker can prepend arbitrary text to cleartext messages without invalidating the signatures.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/openpgp/clearsign to version 0.1.0 or higher.

    +

    References

    + + +
    + + +

    CVE-2022-46908

    diff --git a/docs/snyk/v2.6.13/redis_7.0.11-alpine.html b/docs/snyk/v2.6.13/redis_7.0.11-alpine.html index 1d38a1128301a..7b140ab6e6550 100644 --- a/docs/snyk/v2.6.13/redis_7.0.11-alpine.html +++ b/docs/snyk/v2.6.13/redis_7.0.11-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:24:50 am (UTC+00:00)

    +

    August 6th 2023, 12:22:51 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    2 known vulnerabilities
    -
    18 vulnerable dependency paths
    +
    3 known vulnerabilities
    +
    27 vulnerable dependency paths
    18 dependencies
    @@ -833,6 +833,8 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org

  • @@ -842,6 +844,185 @@

    References

    +
    +

    CVE-2023-3817

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    +

    References

    + + +
    + + + +
    diff --git a/docs/snyk/v2.7.9/argocd-iac-install.html b/docs/snyk/v2.7.10/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.7.9/argocd-iac-install.html rename to docs/snyk/v2.7.10/argocd-iac-install.html index 6112822b58ecf..6bcd9025d71e9 100644 --- a/docs/snyk/v2.7.9/argocd-iac-install.html +++ b/docs/snyk/v2.7.10/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:23:31 am (UTC+00:00)

    +

    August 6th 2023, 12:21:45 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.7.9/argocd-iac-namespace-install.html b/docs/snyk/v2.7.10/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.7.9/argocd-iac-namespace-install.html rename to docs/snyk/v2.7.10/argocd-iac-namespace-install.html index 48df22bad2974..1105c6962e60e 100644 --- a/docs/snyk/v2.7.9/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.7.10/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:23:45 am (UTC+00:00)

    +

    August 6th 2023, 12:21:57 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.7.9/argocd-test.html b/docs/snyk/v2.7.10/argocd-test.html similarity index 99% rename from docs/snyk/v2.7.9/argocd-test.html rename to docs/snyk/v2.7.10/argocd-test.html index dcab0ce095774..b434910c23e84 100644 --- a/docs/snyk/v2.7.9/argocd-test.html +++ b/docs/snyk/v2.7.10/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:21:29 am (UTC+00:00)

    +

    August 6th 2023, 12:19:44 am (UTC+00:00)

    Scanned the following paths: diff --git a/docs/snyk/v2.7.10/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.7.10/ghcr.io_dexidp_dex_v2.37.0.html new file mode 100644 index 0000000000000..6e13ca3147f6c --- /dev/null +++ b/docs/snyk/v2.7.10/ghcr.io_dexidp_dex_v2.37.0.html @@ -0,0 +1,1079 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    August 6th 2023, 12:19:51 am (UTC+00:00)

    +
    +
    + Scanned the following paths: +
      +
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
    • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 (gomodules)
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
    • +
    +
    + +
    +
    4 known vulnerabilities
    +
    22 vulnerable dependency paths
    +
    786 dependencies
    +
    +
    +
    +
    + +
    +
    +
    +

    Improper Authentication

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

    +

    Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

    +

    The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

    +

    As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Inefficient Regular Expression Complexity

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

    +

    However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Cross-site Scripting (XSS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + golang.org/x/net/html +
    • + +
    • Introduced through: + + github.com/dexidp/dex@* and golang.org/x/net/html@v0.11.0 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/dexidp/dex@* + + golang.org/x/net/html@v0.11.0 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

    +

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the render1() function in render.go. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be.

    +

    Details

    +

    A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

    +

    This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

    +

    Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

    +

    Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

    +

    The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

    +

    Types of attacks

    +

    There are a few methods by which XSS can be manipulated:

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    TypeOriginDescription
    StoredServerThe malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
    ReflectedServerThe attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
    DOM-basedClientThe attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
    MutatedThe attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.
    +

    Affected environments

    +

    The following environments are susceptible to an XSS attack:

    +
      +
    • Web servers
    • +
    • Application servers
    • +
    • Web application environments
    • +
    +

    How to prevent

    +

    This section describes the top best practices designed to specifically protect your code:

    +
      +
    • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
    • +
    • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
    • +
    • Give users the option to disable client-side scripts.
    • +
    • Redirect invalid requests.
    • +
    • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
    • +
    • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
    • +
    • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.
    • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/html to version 0.13.0 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2023-3817

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    +

    References

    + + +
    + + + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.7.9/haproxy_2.6.14-alpine.html b/docs/snyk/v2.7.10/haproxy_2.6.14-alpine.html similarity index 75% rename from docs/snyk/v2.7.9/haproxy_2.6.14-alpine.html rename to docs/snyk/v2.7.10/haproxy_2.6.14-alpine.html index 9e0ec604811ae..1c387dbb62e40 100644 --- a/docs/snyk/v2.7.9/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.7.10/haproxy_2.6.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:21:41 am (UTC+00:00)

    +

    August 6th 2023, 12:19:56 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    2 known vulnerabilities
    -
    18 vulnerable dependency paths
    +
    3 known vulnerabilities
    +
    27 vulnerable dependency paths
    18 dependencies
    @@ -833,6 +833,8 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org

  • @@ -842,6 +844,185 @@

    References

    +
    +

    CVE-2023-3817

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    +

    References

    + + +
    + + + +
    diff --git a/docs/snyk/v2.8.0-rc6/quay.io_argoproj_argocd_v2.8.0-rc6.html b/docs/snyk/v2.7.10/quay.io_argoproj_argocd_v2.7.10.html similarity index 79% rename from docs/snyk/v2.8.0-rc6/quay.io_argoproj_argocd_v2.8.0-rc6.html rename to docs/snyk/v2.7.10/quay.io_argoproj_argocd_v2.7.10.html index 64e0e9459d643..9cb763260edec 100644 --- a/docs/snyk/v2.8.0-rc6/quay.io_argoproj_argocd_v2.8.0-rc6.html +++ b/docs/snyk/v2.7.10/quay.io_argoproj_argocd_v2.7.10.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,19 +456,19 @@

    Snyk test report

    -

    July 30th 2023, 12:19:16 am (UTC+00:00)

    +

    August 6th 2023, 12:20:16 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.8.0-rc6/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.8.0-rc6/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.8.0-rc6/kustomize/kustomize/v5 (gomodules)
    • quay.io/argoproj/argocd:v2.8.0-rc6/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.8.0-rc6/git-lfs/git-lfs (gomodules)
    • +
    • quay.io/argoproj/argocd:v2.7.10/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.7.10/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.7.10/kustomize/kustomize/v5 (gomodules)
    • quay.io/argoproj/argocd:v2.7.10/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.7.10/git-lfs/git-lfs (gomodules)
    -
    19 known vulnerabilities
    -
    101 vulnerable dependency paths
    -
    2112 dependencies
    +
    18 known vulnerabilities
    +
    75 vulnerable dependency paths
    +
    2066 dependencies
    @@ -493,12 +493,12 @@

    Denial of Service (DoS)

  • Vulnerable module: - nhooyr.io/websocket + golang.org/x/net/http2/hpack
  • Introduced through: - github.com/argoproj/argo-cd/v2@* and nhooyr.io/websocket@v1.8.6 + helm.sh/helm/v3@* and golang.org/x/net/http2/hpack@v0.5.0
  • @@ -511,9 +511,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + helm.sh/helm/v3@* - nhooyr.io/websocket@v1.8.6 + golang.org/x/net/http2/hpack@v0.5.0 @@ -525,10 +525,7 @@

      Detailed paths


      Overview

      -

      nhooyr.io/websocket is a minimal and idiomatic WebSocket library for Go.

      -

      Affected versions of this package are vulnerable to Denial of Service (DoS). A double channel close panic is possible if a peer sent back multiple pongs for every ping. - If the second pong arrived before the ping goroutine deleted its channel from the map, the channel would be closed twice and a panic would - occur.

      +

      Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

      Details

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      @@ -542,43 +539,45 @@

      Details

    Remediation

    -

    Upgrade nhooyr.io/websocket to version 1.8.7 or higher.

    +

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    References


    -
    -

    Improper Validation of Integrity Check Value

    +
    +

    Denial of Service (DoS)

    -
    - medium severity +
    + high severity

    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • Vulnerable module: - systemd/libsystemd0 + golang.org/x/net/http2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and systemd/libsystemd0@249.11-0ubuntu3.9 + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0
    @@ -591,110 +590,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - apt@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - procps/libprocps8@2:3.3.17-6ubuntu2 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - util-linux@2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - util-linux/bsdutils@1:2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - libfido2/libfido2-1@1.10.0-1 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - util-linux@2.37.2-4ubuntu3 + helm.sh/helm/v3@* - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libudev1@249.11-0ubuntu3.9 + golang.org/x/net/http2@v0.5.0 @@ -705,199 +603,40 @@

      Detailed paths


      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      ** DISPUTED ** An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 systemd.

      -

      References

      +

      Overview

      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      +

      Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

      +

      Details

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      +

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      +

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      +

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      +

      Two common types of DoS vulnerabilities:

      - -
      - - - -
    -
    -

    Improper Validation of Integrity Check Value

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - systemd/libsystemd0 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and systemd/libsystemd0@249.11-0ubuntu3.9 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - apt@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - procps/libprocps8@2:3.3.17-6ubuntu2 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - util-linux@2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - util-linux/bsdutils@1:2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - libfido2/libfido2-1@1.10.0-1 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - util-linux@2.37.2-4ubuntu3 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 systemd.

    +

    Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

    References


    -

    Improper Validation of Integrity Check Value

    +

    CVE-2023-4016

    @@ -913,12 +652,12 @@

    Improper Validation of Integrity Check Value

  • Vulnerable module: - systemd/libsystemd0 + procps/libprocps8
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and systemd/libsystemd0@249.11-0ubuntu3.9 + docker-image|quay.io/argoproj/argocd@v2.7.10 and procps/libprocps8@2:3.3.17-6ubuntu2
  • @@ -931,110 +670,29 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - apt@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 procps/libprocps8@2:3.3.17-6ubuntu2 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - util-linux@2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 - util-linux/bsdutils@1:2.37.2-4ubuntu3 + procps@2:3.3.17-6ubuntu2 - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - libfido2/libfido2-1@1.10.0-1 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - util-linux@2.37.2-4ubuntu3 - - systemd/libudev1@249.11-0ubuntu3.9 + procps/libprocps8@2:3.3.17-6ubuntu2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 + docker-image|quay.io/argoproj/argocd@v2.7.10 - systemd/libudev1@249.11-0ubuntu3.9 + procps@2:3.3.17-6ubuntu2 @@ -1046,23 +704,21 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream procps package and not the procps package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      ** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

      +

      Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 systemd.

      +

      There is no fixed version for Ubuntu:22.04 procps.

      References


    @@ -1089,7 +745,7 @@

    CVE-2022-46908

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6, gnupg2/gpg@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.7.10, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
  • @@ -1101,7 +757,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1160,7 +816,7 @@

      Arbitrary Code Injection

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and shadow/passwd@1:4.8.1-2ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.7.10 and shadow/passwd@1:4.8.1-2ubuntu2.1
    @@ -1173,7 +829,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 shadow/passwd@1:4.8.1-2ubuntu2.1 @@ -1182,7 +838,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 adduser@3.118ubuntu5 @@ -1193,7 +849,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 openssh/openssh-client@1:8.9p1-3ubuntu0.3 @@ -1204,7 +860,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 shadow/login@1:4.8.1-2ubuntu2.1 @@ -1261,7 +917,7 @@

      Uncontrolled Recursion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.7.10 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -1274,7 +930,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1283,7 +939,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 grep@3.7-1build1 @@ -1345,7 +1001,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.7.10 and patch@2.7.6-7build2
    @@ -1358,7 +1014,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 patch@2.7.6-7build2 @@ -1412,7 +1068,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.7.10 and patch@2.7.6-7build2
    @@ -1425,7 +1081,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 patch@2.7.6-7build2 @@ -1484,7 +1140,7 @@

      Improper Authentication

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and openssl/libssl3@3.0.2-0ubuntu1.10 + docker-image|quay.io/argoproj/argocd@v2.7.10 and openssl/libssl3@3.0.2-0ubuntu1.10
    @@ -1497,7 +1153,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 openssl/libssl3@3.0.2-0ubuntu1.10 @@ -1506,7 +1162,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 @@ -1517,7 +1173,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 libfido2/libfido2-1@1.10.0-1 @@ -1528,7 +1184,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 openssh/openssh-client@1:8.9p1-3ubuntu0.3 @@ -1539,7 +1195,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 ca-certificates@20230311ubuntu0.22.04.1 @@ -1552,7 +1208,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 git@1:2.34.1-1ubuntu1.9 @@ -1567,7 +1223,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 adduser@3.118ubuntu5 @@ -1590,7 +1246,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 openssl@3.0.2-0ubuntu1.10 @@ -1599,7 +1255,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 ca-certificates@20230311ubuntu0.22.04.1 @@ -1676,7 +1332,7 @@

      CVE-2023-28531

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and openssh/openssh-client@1:8.9p1-3ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.7.10 and openssh/openssh-client@1:8.9p1-3ubuntu0.3
    @@ -1689,7 +1345,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 openssh/openssh-client@1:8.9p1-3ubuntu0.3 @@ -1746,7 +1402,7 @@

      NULL Pointer Dereference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.7.10, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others
    @@ -1758,7 +1414,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -1769,7 +1425,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 git@1:2.34.1-1ubuntu1.9 @@ -1782,7 +1438,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 openldap/libldap-common@2.5.15+dfsg-0ubuntu0.22.04.1 @@ -1845,7 +1501,7 @@

      Resource Exhaustion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6, meta-common-packages@meta and others + docker-image|quay.io/argoproj/argocd@v2.7.10, meta-common-packages@meta and others
    @@ -1857,7 +1513,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 meta-common-packages@meta @@ -1914,7 +1570,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and krb5/libk5crypto3@1.19.2-2ubuntu0.2 + docker-image|quay.io/argoproj/argocd@v2.7.10 and krb5/libk5crypto3@1.19.2-2ubuntu0.2
    @@ -1927,7 +1583,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 krb5/libk5crypto3@1.19.2-2ubuntu0.2 @@ -1936,7 +1592,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 adduser@3.118ubuntu5 @@ -1957,7 +1613,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 adduser@3.118ubuntu5 @@ -1980,7 +1636,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 krb5/libkrb5-3@1.19.2-2ubuntu0.2 @@ -1989,7 +1645,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 adduser@3.118ubuntu5 @@ -2010,7 +1666,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2019,7 +1675,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 openssh/openssh-client@1:8.9p1-3ubuntu0.3 @@ -2030,7 +1686,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 git@1:2.34.1-1ubuntu1.9 @@ -2043,7 +1699,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 git@1:2.34.1-1ubuntu1.9 @@ -2058,7 +1714,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 adduser@3.118ubuntu5 @@ -2077,7 +1733,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 meta-common-packages@meta @@ -2136,7 +1792,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.7.10 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -2149,7 +1805,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2158,7 +1814,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 apt@2.4.9 @@ -2169,7 +1825,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2180,7 +1836,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2191,7 +1847,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2202,7 +1858,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2215,7 +1871,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2228,7 +1884,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2237,7 +1893,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2248,7 +1904,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2261,7 +1917,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -2270,7 +1926,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2281,7 +1937,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2290,7 +1946,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2301,7 +1957,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2310,7 +1966,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2321,7 +1977,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2334,7 +1990,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2347,7 +2003,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2356,7 +2012,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2367,7 +2023,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2380,7 +2036,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2393,7 +2049,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2402,7 +2058,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2413,7 +2069,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2422,7 +2078,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2433,7 +2089,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -2442,7 +2098,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2453,7 +2109,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2512,7 +2168,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.7.10 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -2525,7 +2181,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 glibc/libc-bin@2.35-0ubuntu3.1 @@ -2534,7 +2190,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 meta-common-packages@meta @@ -2593,7 +2249,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6, git@1:2.34.1-1ubuntu1.9 and others + docker-image|quay.io/argoproj/argocd@v2.7.10, git@1:2.34.1-1ubuntu1.9 and others
    @@ -2605,7 +2261,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 git@1:2.34.1-1ubuntu1.9 @@ -2616,7 +2272,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 git@1:2.34.1-1ubuntu1.9 @@ -2625,7 +2281,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 git-lfs@3.0.2-1ubuntu0.2 @@ -2682,7 +2338,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.7.10 and coreutils@8.32-4.1ubuntu1
    @@ -2695,7 +2351,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 coreutils@8.32-4.1ubuntu1 @@ -2752,7 +2408,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.7.10 and bash@5.1-6ubuntu1
    @@ -2765,7 +2421,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc6 + docker-image|quay.io/argoproj/argocd@v2.7.10 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.7.9/redis_7.0.11-alpine.html b/docs/snyk/v2.7.10/redis_7.0.11-alpine.html similarity index 75% rename from docs/snyk/v2.7.9/redis_7.0.11-alpine.html rename to docs/snyk/v2.7.10/redis_7.0.11-alpine.html index 2cfbf3c724cbf..dc7d6f7ecb4a1 100644 --- a/docs/snyk/v2.7.9/redis_7.0.11-alpine.html +++ b/docs/snyk/v2.7.10/redis_7.0.11-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

      Snyk test report

      -

      July 30th 2023, 12:22:08 am (UTC+00:00)

      +

      August 6th 2023, 12:20:21 am (UTC+00:00)

      Scanned the following path: @@ -466,8 +466,8 @@

      Snyk test report

      -
      2 known vulnerabilities
      -
      18 vulnerable dependency paths
      +
      3 known vulnerabilities
      +
      27 vulnerable dependency paths
      18 dependencies
    @@ -833,6 +833,8 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org

  • @@ -842,6 +844,185 @@

    References

    +
    +

    CVE-2023-3817

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    +

    References

    + + +
    + + + +
    diff --git a/docs/snyk/v2.7.9/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.7.9/ghcr.io_dexidp_dex_v2.37.0.html deleted file mode 100644 index 59838a933e9d6..0000000000000 --- a/docs/snyk/v2.7.9/ghcr.io_dexidp_dex_v2.37.0.html +++ /dev/null @@ -1,797 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    July 30th 2023, 12:21:36 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
    • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 (gomodules)
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
    • -
    -
    - -
    -
    2 known vulnerabilities
    -
    14 vulnerable dependency paths
    -
    786 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Improper Authentication

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
    • -
    • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

    -

    Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

    -

    The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

    -

    As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Inefficient Regular Expression Complexity

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
    • -
    • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    -

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

    -

    The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

    -

    However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

    -

    An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

    -

    The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

    -

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    -

    References

    - - -
    - - - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.8.0-rc6/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.8.0-rc6/ghcr.io_dexidp_dex_v2.37.0.html deleted file mode 100644 index d8c42b34ca2fc..0000000000000 --- a/docs/snyk/v2.8.0-rc6/ghcr.io_dexidp_dex_v2.37.0.html +++ /dev/null @@ -1,797 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    July 30th 2023, 12:18:49 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
    • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 (gomodules)
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
    • -
    -
    - -
    -
    2 known vulnerabilities
    -
    14 vulnerable dependency paths
    -
    786 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Improper Authentication

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
    • -
    • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

    -

    Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

    -

    The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

    -

    As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Inefficient Regular Expression Complexity

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
    • -
    • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    -

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

    -

    The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

    -

    However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

    -

    An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

    -

    The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

    -

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    -

    References

    - - -
    - - - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.8.0-rc6/argocd-iac-install.html b/docs/snyk/v2.8.0-rc7/argocd-iac-install.html similarity index 98% rename from docs/snyk/v2.8.0-rc6/argocd-iac-install.html rename to docs/snyk/v2.8.0-rc7/argocd-iac-install.html index 4bacacfe433d6..cfa514f9791ce 100644 --- a/docs/snyk/v2.8.0-rc6/argocd-iac-install.html +++ b/docs/snyk/v2.8.0-rc7/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:20:56 am (UTC+00:00)

    +

    August 6th 2023, 12:19:11 am (UTC+00:00)

    Scanned the following path: @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 19725 + Line number: 19731
  • @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 19333 + Line number: 19339
  • @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 19299 + Line number: 19305
  • @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 19393 + Line number: 19399
  • @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 19480 + Line number: 19486
  • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 19725 + Line number: 19731
  • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 19537 + Line number: 19543
  • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 19810 + Line number: 19816
  • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 20126 + Line number: 20132
  • @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 19313 + Line number: 19319
  • @@ -1467,7 +1467,7 @@

    Container is running without liveness probe

  • - Line number: 19299 + Line number: 19305
  • @@ -1519,7 +1519,7 @@

    Container is running without liveness probe

  • - Line number: 19333 + Line number: 19339
  • @@ -1571,7 +1571,7 @@

    Container is running without liveness probe

  • - Line number: 19480 + Line number: 19486
  • @@ -1623,7 +1623,7 @@

    Container is running without liveness probe

  • - Line number: 19725 + Line number: 19731
  • @@ -1739,7 +1739,7 @@

    Container is running without memory limit

  • - Line number: 19299 + Line number: 19305
  • @@ -1797,7 +1797,7 @@

    Container is running without memory limit

  • - Line number: 19333 + Line number: 19339
  • @@ -1855,7 +1855,7 @@

    Container is running without memory limit

  • - Line number: 19393 + Line number: 19399
  • @@ -1913,7 +1913,7 @@

    Container is running without memory limit

  • - Line number: 19480 + Line number: 19486
  • @@ -1971,7 +1971,7 @@

    Container is running without memory limit

  • - Line number: 19725 + Line number: 19731
  • @@ -2029,7 +2029,7 @@

    Container is running without memory limit

  • - Line number: 19537 + Line number: 19543
  • @@ -2087,7 +2087,7 @@

    Container is running without memory limit

  • - Line number: 19810 + Line number: 19816
  • @@ -2145,7 +2145,7 @@

    Container is running without memory limit

  • - Line number: 20126 + Line number: 20132
  • @@ -2201,7 +2201,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19223 + Line number: 19229
  • @@ -2257,7 +2257,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19341 + Line number: 19347
  • @@ -2313,7 +2313,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19316 + Line number: 19322
  • @@ -2369,7 +2369,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19414 + Line number: 19420
  • @@ -2425,7 +2425,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19490 + Line number: 19496
  • @@ -2481,7 +2481,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19732 + Line number: 19738
  • @@ -2537,7 +2537,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19698 + Line number: 19704
  • @@ -2593,7 +2593,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 20036 + Line number: 20042
  • @@ -2649,7 +2649,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 20274 + Line number: 20280
  • diff --git a/docs/snyk/v2.8.0-rc6/argocd-iac-namespace-install.html b/docs/snyk/v2.8.0-rc7/argocd-iac-namespace-install.html similarity index 98% rename from docs/snyk/v2.8.0-rc6/argocd-iac-namespace-install.html rename to docs/snyk/v2.8.0-rc7/argocd-iac-namespace-install.html index 84c2735804224..fb3d83fdb0688 100644 --- a/docs/snyk/v2.8.0-rc6/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.8.0-rc7/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:21:07 am (UTC+00:00)

    +

    August 6th 2023, 12:19:22 am (UTC+00:00)

    Scanned the following path: @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 1243 + Line number: 1249
  • @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 851 + Line number: 857
  • @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 817 + Line number: 823
  • @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 911 + Line number: 917
  • @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 998 + Line number: 1004
  • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 1243 + Line number: 1249
  • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 1055 + Line number: 1061
  • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 1328 + Line number: 1334
  • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 1644 + Line number: 1650
  • @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 831 + Line number: 837
  • @@ -1467,7 +1467,7 @@

    Container is running without liveness probe

  • - Line number: 817 + Line number: 823
  • @@ -1519,7 +1519,7 @@

    Container is running without liveness probe

  • - Line number: 851 + Line number: 857
  • @@ -1571,7 +1571,7 @@

    Container is running without liveness probe

  • - Line number: 998 + Line number: 1004
  • @@ -1623,7 +1623,7 @@

    Container is running without liveness probe

  • - Line number: 1243 + Line number: 1249
  • @@ -1739,7 +1739,7 @@

    Container is running without memory limit

  • - Line number: 817 + Line number: 823
  • @@ -1797,7 +1797,7 @@

    Container is running without memory limit

  • - Line number: 851 + Line number: 857
  • @@ -1855,7 +1855,7 @@

    Container is running without memory limit

  • - Line number: 911 + Line number: 917
  • @@ -1913,7 +1913,7 @@

    Container is running without memory limit

  • - Line number: 998 + Line number: 1004
  • @@ -1971,7 +1971,7 @@

    Container is running without memory limit

  • - Line number: 1243 + Line number: 1249
  • @@ -2029,7 +2029,7 @@

    Container is running without memory limit

  • - Line number: 1055 + Line number: 1061
  • @@ -2087,7 +2087,7 @@

    Container is running without memory limit

  • - Line number: 1328 + Line number: 1334
  • @@ -2145,7 +2145,7 @@

    Container is running without memory limit

  • - Line number: 1644 + Line number: 1650
  • @@ -2201,7 +2201,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 741 + Line number: 747
  • @@ -2257,7 +2257,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 859 + Line number: 865
  • @@ -2313,7 +2313,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 834 + Line number: 840
  • @@ -2369,7 +2369,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 932 + Line number: 938
  • @@ -2425,7 +2425,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1008 + Line number: 1014
  • @@ -2481,7 +2481,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1250 + Line number: 1256
  • @@ -2537,7 +2537,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1216 + Line number: 1222
  • @@ -2593,7 +2593,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1554 + Line number: 1560
  • @@ -2649,7 +2649,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1792 + Line number: 1798
  • diff --git a/docs/snyk/v2.8.0-rc6/argocd-test.html b/docs/snyk/v2.8.0-rc7/argocd-test.html similarity index 99% rename from docs/snyk/v2.8.0-rc6/argocd-test.html rename to docs/snyk/v2.8.0-rc7/argocd-test.html index 89e38498619bc..2f25d5827e745 100644 --- a/docs/snyk/v2.8.0-rc6/argocd-test.html +++ b/docs/snyk/v2.8.0-rc7/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:18:41 am (UTC+00:00)

    +

    August 6th 2023, 12:17:00 am (UTC+00:00)

    Scanned the following paths: @@ -468,7 +468,7 @@

    Snyk test report

    1 known vulnerabilities
    1 vulnerable dependency paths
    -
    1804 dependencies
    +
    1851 dependencies
    diff --git a/docs/snyk/v2.8.0-rc7/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.8.0-rc7/ghcr.io_dexidp_dex_v2.37.0.html new file mode 100644 index 0000000000000..918845d798a4f --- /dev/null +++ b/docs/snyk/v2.8.0-rc7/ghcr.io_dexidp_dex_v2.37.0.html @@ -0,0 +1,1079 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    August 6th 2023, 12:17:09 am (UTC+00:00)

    +
    +
    + Scanned the following paths: +
      +
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
    • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 (gomodules)
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
    • +
    +
    + +
    +
    4 known vulnerabilities
    +
    22 vulnerable dependency paths
    +
    786 dependencies
    +
    +
    +
    +
    + +
    +
    +
    +

    Improper Authentication

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

    +

    Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

    +

    The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

    +

    As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Inefficient Regular Expression Complexity

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

    +

    However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Cross-site Scripting (XSS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + golang.org/x/net/html +
    • + +
    • Introduced through: + + github.com/dexidp/dex@* and golang.org/x/net/html@v0.11.0 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/dexidp/dex@* + + golang.org/x/net/html@v0.11.0 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

    +

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the render1() function in render.go. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be.

    +

    Details

    +

    A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

    +

    This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

    +

    Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

    +

    Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

    +

    The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

    +

    Types of attacks

    +

    There are a few methods by which XSS can be manipulated:

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    TypeOriginDescription
    StoredServerThe malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
    ReflectedServerThe attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
    DOM-basedClientThe attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
    MutatedThe attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.
    +

    Affected environments

    +

    The following environments are susceptible to an XSS attack:

    +
      +
    • Web servers
    • +
    • Application servers
    • +
    • Web application environments
    • +
    +

    How to prevent

    +

    This section describes the top best practices designed to specifically protect your code:

    +
      +
    • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
    • +
    • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
    • +
    • Give users the option to disable client-side scripts.
    • +
    • Redirect invalid requests.
    • +
    • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
    • +
    • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
    • +
    • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.
    • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/html to version 0.13.0 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2023-3817

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    +

    References

    + + +
    + + + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.8.0-rc6/haproxy_2.6.14-alpine.html b/docs/snyk/v2.8.0-rc7/haproxy_2.6.14-alpine.html similarity index 75% rename from docs/snyk/v2.8.0-rc6/haproxy_2.6.14-alpine.html rename to docs/snyk/v2.8.0-rc7/haproxy_2.6.14-alpine.html index 74514529f4f25..4afb600937e5f 100644 --- a/docs/snyk/v2.8.0-rc6/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.8.0-rc7/haproxy_2.6.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    July 30th 2023, 12:18:54 am (UTC+00:00)

    +

    August 6th 2023, 12:17:14 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    2 known vulnerabilities
    -
    18 vulnerable dependency paths
    +
    3 known vulnerabilities
    +
    27 vulnerable dependency paths
    18 dependencies

    @@ -833,6 +833,8 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org

  • @@ -842,6 +844,185 @@

    References

    +
    +

    CVE-2023-3817

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230615.052124 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    +

    References

    + + +
    + + + +
    diff --git a/docs/snyk/v2.7.9/quay.io_argoproj_argocd_v2.7.9.html b/docs/snyk/v2.8.0-rc7/quay.io_argoproj_argocd_v2.8.0-rc7.html similarity index 74% rename from docs/snyk/v2.7.9/quay.io_argoproj_argocd_v2.7.9.html rename to docs/snyk/v2.8.0-rc7/quay.io_argoproj_argocd_v2.8.0-rc7.html index e41d9a5bfa611..2419cd08f7c0a 100644 --- a/docs/snyk/v2.7.9/quay.io_argoproj_argocd_v2.7.9.html +++ b/docs/snyk/v2.8.0-rc7/quay.io_argoproj_argocd_v2.8.0-rc7.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,19 +456,19 @@

    Snyk test report

    -

    July 30th 2023, 12:22:03 am (UTC+00:00)

    +

    August 6th 2023, 12:17:35 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.7.9/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.7.9/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.7.9/kustomize/kustomize/v5 (gomodules)
    • quay.io/argoproj/argocd:v2.7.9/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.7.9/git-lfs/git-lfs (gomodules)
    • +
    • quay.io/argoproj/argocd:v2.8.0-rc7/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.8.0-rc7/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.8.0-rc7/kustomize/kustomize/v5 (gomodules)
    • quay.io/argoproj/argocd:v2.8.0-rc7/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.8.0-rc7/git-lfs/git-lfs (gomodules)
    -
    21 known vulnerabilities
    -
    103 vulnerable dependency paths
    -
    2066 dependencies
    +
    17 known vulnerabilities
    +
    74 vulnerable dependency paths
    +
    2117 dependencies
    @@ -493,12 +493,12 @@

    Denial of Service (DoS)

  • Vulnerable module: - golang.org/x/net/http2/hpack + nhooyr.io/websocket
  • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2/hpack@v0.5.0 + github.com/argoproj/argo-cd/v2@* and nhooyr.io/websocket@v1.8.6
  • @@ -511,9 +511,9 @@

    Detailed paths

    • Introduced through: - helm.sh/helm/v3@* + github.com/argoproj/argo-cd/v2@* - golang.org/x/net/http2/hpack@v0.5.0 + nhooyr.io/websocket@v1.8.6 @@ -525,7 +525,10 @@

      Detailed paths


      Overview

      -

      Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

      +

      nhooyr.io/websocket is a minimal and idiomatic WebSocket library for Go.

      +

      Affected versions of this package are vulnerable to Denial of Service (DoS). A double channel close panic is possible if a peer sent back multiple pongs for every ping. + If the second pong arrived before the ping goroutine deleted its channel from the map, the channel would be closed twice and a panic would + occur.

      Details

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      @@ -539,274 +542,22 @@

      Details

    Remediation

    -

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    +

    Upgrade nhooyr.io/websocket to version 1.8.7 or higher.

    References


    - - -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
    • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
    • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.5.0 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -
    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
    • -
    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
    • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Validation of Integrity Check Value

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - systemd/libsystemd0 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.9 and systemd/libsystemd0@249.11-0ubuntu3.9 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - apt@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - procps/libprocps8@2:3.3.17-6ubuntu2 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - util-linux@2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - util-linux/bsdutils@1:2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - libfido2/libfido2-1@1.10.0-1 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - util-linux@2.37.2-4ubuntu3 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ** DISPUTED ** An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 systemd.

    -

    References

    - - -
    - -
    -

    Improper Validation of Integrity Check Value

    +

    CVE-2023-4016

    @@ -822,12 +573,12 @@

    Improper Validation of Integrity Check Value

  • Vulnerable module: - systemd/libsystemd0 + procps/libprocps8
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 and systemd/libsystemd0@249.11-0ubuntu3.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and procps/libprocps8@2:3.3.17-6ubuntu2
  • @@ -840,349 +591,29 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - apt@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 procps/libprocps8@2:3.3.17-6ubuntu2 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - util-linux@2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - util-linux/bsdutils@1:2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - libfido2/libfido2-1@1.10.0-1 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - util-linux@2.37.2-4ubuntu3 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 systemd.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Validation of Integrity Check Value

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - systemd/libsystemd0 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.9 and systemd/libsystemd0@249.11-0ubuntu3.9 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - systemd/libsystemd0@249.11-0ubuntu3.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - apt@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + procps@2:3.3.17-6ubuntu2 procps/libprocps8@2:3.3.17-6ubuntu2 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - util-linux@2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - util-linux/bsdutils@1:2.37.2-4ubuntu3 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - libfido2/libfido2-1@1.10.0-1 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - util-linux@2.37.2-4ubuntu3 - - systemd/libudev1@249.11-0ubuntu3.9 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libudev1@249.11-0ubuntu3.9
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 systemd.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2023-38408

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - openssh/openssh-client -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.9 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - openssh/openssh-client@1:8.9p1-3ubuntu0.1 + procps@2:3.3.17-6ubuntu2 @@ -1194,34 +625,21 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream procps package and not the procps package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

      +

      Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.

      Remediation

      -

      Upgrade Ubuntu:22.04 openssh to version 1:8.9p1-3ubuntu0.3 or higher.

      +

      There is no fixed version for Ubuntu:22.04 procps.

      References


    @@ -1248,7 +666,7 @@

    CVE-2022-46908

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9, gnupg2/gpg@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
  • @@ -1260,7 +678,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1319,7 +737,7 @@

      Arbitrary Code Injection

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 and shadow/passwd@1:4.8.1-2ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and shadow/passwd@1:4.8.1-2ubuntu2.1
    @@ -1332,7 +750,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 shadow/passwd@1:4.8.1-2ubuntu2.1 @@ -1341,7 +759,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 adduser@3.118ubuntu5 @@ -1352,9 +770,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - openssh/openssh-client@1:8.9p1-3ubuntu0.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.3 shadow/passwd@1:4.8.1-2ubuntu2.1 @@ -1363,7 +781,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 shadow/login@1:4.8.1-2ubuntu2.1 @@ -1420,7 +838,7 @@

      Uncontrolled Recursion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -1433,7 +851,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1442,7 +860,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 grep@3.7-1build1 @@ -1504,7 +922,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and patch@2.7.6-7build2
    @@ -1517,7 +935,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 patch@2.7.6-7build2 @@ -1571,7 +989,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and patch@2.7.6-7build2
    @@ -1584,7 +1002,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 patch@2.7.6-7build2 @@ -1643,7 +1061,7 @@

      Improper Authentication

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 and openssl/libssl3@3.0.2-0ubuntu1.10 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and openssl/libssl3@3.0.2-0ubuntu1.10
    @@ -1656,7 +1074,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 openssl/libssl3@3.0.2-0ubuntu1.10 @@ -1665,7 +1083,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 @@ -1676,7 +1094,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 libfido2/libfido2-1@1.10.0-1 @@ -1687,9 +1105,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - openssh/openssh-client@1:8.9p1-3ubuntu0.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.3 openssl/libssl3@3.0.2-0ubuntu1.10 @@ -1698,7 +1116,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 ca-certificates@20230311ubuntu0.22.04.1 @@ -1711,7 +1129,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 git@1:2.34.1-1ubuntu1.9 @@ -1726,7 +1144,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 adduser@3.118ubuntu5 @@ -1749,7 +1167,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 openssl@3.0.2-0ubuntu1.10 @@ -1758,7 +1176,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 ca-certificates@20230311ubuntu0.22.04.1 @@ -1835,7 +1253,7 @@

      CVE-2023-28531

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and openssh/openssh-client@1:8.9p1-3ubuntu0.3
    @@ -1848,9 +1266,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - openssh/openssh-client@1:8.9p1-3ubuntu0.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.3 @@ -1905,7 +1323,7 @@

      NULL Pointer Dereference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others
    @@ -1917,33 +1335,33 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/dirmngr@2.2.27-3ubuntu2.1 - openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 + openldap/libldap-2.5-0@2.5.15+dfsg-0ubuntu0.22.04.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 + openldap/libldap-2.5-0@2.5.15+dfsg-0ubuntu0.22.04.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 + openldap/libldap-common@2.5.15+dfsg-0ubuntu0.22.04.1 @@ -2004,7 +1422,7 @@

      Resource Exhaustion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9, meta-common-packages@meta and others + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7, meta-common-packages@meta and others
    @@ -2016,7 +1434,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 meta-common-packages@meta @@ -2073,7 +1491,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.2 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and krb5/libk5crypto3@1.19.2-2ubuntu0.2
    @@ -2086,7 +1504,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 krb5/libk5crypto3@1.19.2-2ubuntu0.2 @@ -2095,7 +1513,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 adduser@3.118ubuntu5 @@ -2116,7 +1534,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 adduser@3.118ubuntu5 @@ -2139,7 +1557,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 krb5/libkrb5-3@1.19.2-2ubuntu0.2 @@ -2148,7 +1566,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 adduser@3.118ubuntu5 @@ -2169,7 +1587,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2178,9 +1596,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - openssh/openssh-client@1:8.9p1-3ubuntu0.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.3 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2189,7 +1607,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 git@1:2.34.1-1ubuntu1.9 @@ -2202,7 +1620,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 git@1:2.34.1-1ubuntu1.9 @@ -2217,7 +1635,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 adduser@3.118ubuntu5 @@ -2236,7 +1654,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 meta-common-packages@meta @@ -2295,7 +1713,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -2308,7 +1726,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2317,7 +1735,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 apt@2.4.9 @@ -2328,7 +1746,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2339,7 +1757,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2350,7 +1768,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2361,7 +1779,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2374,7 +1792,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2387,7 +1805,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2396,7 +1814,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2407,7 +1825,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2420,7 +1838,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -2429,7 +1847,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2440,7 +1858,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2449,7 +1867,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2460,7 +1878,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2469,7 +1887,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2480,7 +1898,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2493,7 +1911,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2506,7 +1924,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2515,7 +1933,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2526,7 +1944,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2539,7 +1957,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2552,7 +1970,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2561,7 +1979,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2572,7 +1990,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2581,7 +1999,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2592,7 +2010,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -2601,7 +2019,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2612,7 +2030,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2671,7 +2089,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -2684,7 +2102,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 glibc/libc-bin@2.35-0ubuntu3.1 @@ -2693,7 +2111,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 meta-common-packages@meta @@ -2752,7 +2170,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9, git@1:2.34.1-1ubuntu1.9 and others + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7, git@1:2.34.1-1ubuntu1.9 and others
    @@ -2764,7 +2182,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 git@1:2.34.1-1ubuntu1.9 @@ -2775,7 +2193,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 git@1:2.34.1-1ubuntu1.9 @@ -2784,7 +2202,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 git-lfs@3.0.2-1ubuntu0.2 @@ -2841,7 +2259,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and coreutils@8.32-4.1ubuntu1
    @@ -2854,7 +2272,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 coreutils@8.32-4.1ubuntu1 @@ -2911,7 +2329,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and bash@5.1-6ubuntu1
    @@ -2924,7 +2342,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.9 + docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.8.0-rc6/redis_7.0.11-alpine.html b/docs/snyk/v2.8.0-rc7/redis_7.0.11-alpine.html similarity index 75% rename from docs/snyk/v2.8.0-rc6/redis_7.0.11-alpine.html rename to docs/snyk/v2.8.0-rc7/redis_7.0.11-alpine.html index df0c944b6ad3b..609f13a881840 100644 --- a/docs/snyk/v2.8.0-rc6/redis_7.0.11-alpine.html +++ b/docs/snyk/v2.8.0-rc7/redis_7.0.11-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

      Snyk test report

      -

      July 30th 2023, 12:19:21 am (UTC+00:00)

      +

      August 6th 2023, 12:17:39 am (UTC+00:00)

      Scanned the following path: @@ -466,8 +466,8 @@

      Snyk test report

      -
      2 known vulnerabilities
      -
      18 vulnerable dependency paths
      +
      3 known vulnerabilities
      +
      27 vulnerable dependency paths
      18 dependencies
    @@ -833,6 +833,8 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org
  • +
  • openssl-security@openssl.org

  • @@ -842,6 +844,185 @@

    References

    +
    +

    CVE-2023-3817

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
    • +
    • + Vulnerable module: + + openssl/libcrypto3 +
    • + +
    • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

    +

    The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

    +

    An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

    +

    The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

    +

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    +

    References

    + + +
    + + + +
    From 8068be628d955192d27fb28bba8f55e01c6a45a3 Mon Sep 17 00:00:00 2001 From: Vipin M S <40431065+vipinachar@users.noreply.github.com> Date: Tue, 8 Aug 2023 01:51:11 +0530 Subject: [PATCH 098/105] chore: give context to error logs (#10592) (#14915) * chore: wrap error objects to include context Signed-off-by: Vipin M S * chore: wrap error objects to include context Signed-off-by: Vipin M S * chore: wrap error objects to include context Signed-off-by: Vipin M S * chore: wrap error objects to include context Signed-off-by: Vipin M S * Update applicationset/controllers/applicationset_controller.go Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Vipin M S Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- .../controllers/applicationset_controller.go | 4 ++-- applicationset/generators/duck_type.go | 4 ++-- .../generators/generator_spec_processor.go | 2 +- applicationset/generators/matrix.go | 4 ++-- applicationset/generators/merge.go | 2 +- applicationset/generators/plugin.go | 2 +- applicationset/services/repo_service.go | 8 ++++---- util/settings/settings.go | 16 ++++++++-------- util/tls/tls.go | 4 ++-- util/tls/tls_test.go | 4 ++-- 10 files changed, 25 insertions(+), 25 deletions(-) diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go index 1914783c4c79e..8b31f0a1e95a4 100644 --- a/applicationset/controllers/applicationset_controller.go +++ b/applicationset/controllers/applicationset_controller.go @@ -448,7 +448,7 @@ func (r *ApplicationSetReconciler) validateGeneratedApplications(ctx context.Con conditions, err := argoutil.ValidatePermissions(ctx, &app.Spec, proj, r.ArgoDB) if err != nil { - return nil, err + return nil, fmt.Errorf("error validating permissions: %s", err) } if len(conditions) > 0 { errorsByIndex[i] = fmt.Errorf("application spec is invalid: %s", argoutil.FormatAppConditions(conditions)) @@ -692,7 +692,7 @@ func (r *ApplicationSetReconciler) getCurrentApplications(_ context.Context, app err := r.Client.List(context.Background(), ¤t, client.MatchingFields{".metadata.controller": applicationSet.Name}) if err != nil { - return nil, err + return nil, fmt.Errorf("error retrieving applications: %w", err) } return current.Items, nil diff --git a/applicationset/generators/duck_type.go b/applicationset/generators/duck_type.go index cdd13e8aeaf7a..f98afd0e01381 100644 --- a/applicationset/generators/duck_type.go +++ b/applicationset/generators/duck_type.go @@ -74,7 +74,7 @@ func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.A // ListCluster from Argo CD's util/db package will include the local cluster in the list of clusters clustersFromArgoCD, err := utils.ListClusters(g.ctx, g.clientset, g.namespace) if err != nil { - return nil, err + return nil, fmt.Errorf("error listing clusters: %w", err) } if clustersFromArgoCD == nil { @@ -85,7 +85,7 @@ func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.A cm, err := g.clientset.CoreV1().ConfigMaps(g.namespace).Get(g.ctx, appSetGenerator.ClusterDecisionResource.ConfigMapRef, metav1.GetOptions{}) if err != nil { - return nil, err + return nil, fmt.Errorf("error reading configMapRef: %w", err) } // Extract GVK data for the dynamic client to use diff --git a/applicationset/generators/generator_spec_processor.go b/applicationset/generators/generator_spec_processor.go index a6af3ae8c45cd..447e99d83ab37 100644 --- a/applicationset/generators/generator_spec_processor.go +++ b/applicationset/generators/generator_spec_processor.go @@ -125,7 +125,7 @@ func GetRelevantGenerators(requestedGenerator *argoprojiov1alpha1.ApplicationSet func flattenParameters(in map[string]interface{}) (map[string]string, error) { flat, err := flatten.Flatten(in, "", flatten.DotStyle) if err != nil { - return nil, err + return nil, fmt.Errorf("error flatenning parameters: %w", err) } out := make(map[string]string, len(flat)) diff --git a/applicationset/generators/matrix.go b/applicationset/generators/matrix.go index 2d5d18c8a203c..e4d1b74cb7ecc 100644 --- a/applicationset/generators/matrix.go +++ b/applicationset/generators/matrix.go @@ -50,7 +50,7 @@ func (m *MatrixGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.App g0, err := m.getParams(appSetGenerator.Matrix.Generators[0], appSet, nil) if err != nil { - return nil, err + return nil, fmt.Errorf("error failed to get params for first generator in matrix generator: %w", err) } for _, a := range g0 { g1, err := m.getParams(appSetGenerator.Matrix.Generators[1], appSet, a) @@ -94,7 +94,7 @@ func (m *MatrixGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.Appli } mergeGen, err := getMergeGenerator(appSetBaseGenerator) if err != nil { - return nil, err + return nil, fmt.Errorf("error retrieving merge generator: %w", err) } if mergeGen != nil && !appSet.Spec.ApplyNestedSelectors { foundSelector := dropDisabledNestedSelectors(mergeGen.Generators) diff --git a/applicationset/generators/merge.go b/applicationset/generators/merge.go index 6d79925e5d61a..c53a10e4e8090 100644 --- a/applicationset/generators/merge.go +++ b/applicationset/generators/merge.go @@ -234,7 +234,7 @@ func getMergeGenerator(r argoprojiov1alpha1.ApplicationSetNestedGenerator) (*arg } merge, err := argoprojiov1alpha1.ToNestedMergeGenerator(r.Merge) if err != nil { - return nil, err + return nil, fmt.Errorf("error converting to nested merge generator: %w", err) } return merge.ToMergeGenerator(), nil } diff --git a/applicationset/generators/plugin.go b/applicationset/generators/plugin.go index 9876d0ff93a2a..3448d0967369c 100644 --- a/applicationset/generators/plugin.go +++ b/applicationset/generators/plugin.go @@ -81,7 +81,7 @@ func (g *PluginGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.App res, err := g.generateParams(appSetGenerator, applicationSetInfo, list.Output.Parameters, appSetGenerator.Plugin.Input.Parameters, applicationSetInfo.Spec.GoTemplate) if err != nil { - return nil, err + return nil, fmt.Errorf("error generating params: %w", err) } return res, nil diff --git a/applicationset/services/repo_service.go b/applicationset/services/repo_service.go index 6697756a54af1..8ad261fda11cd 100644 --- a/applicationset/services/repo_service.go +++ b/applicationset/services/repo_service.go @@ -58,13 +58,13 @@ func (a *argoCDService) GetFiles(ctx context.Context, repoURL string, revision s } closer, client, err := a.repoServerClientSet.NewRepoServerClient() if err != nil { - return nil, err + return nil, fmt.Errorf("error initialising new repo server client: %w", err) } defer io.Close(closer) fileResponse, err := client.GetGitFiles(ctx, fileRequest) if err != nil { - return nil, err + return nil, fmt.Errorf("error retrieving Git files: %w", err) } return fileResponse.GetMap(), nil } @@ -83,13 +83,13 @@ func (a *argoCDService) GetDirectories(ctx context.Context, repoURL string, revi closer, client, err := a.repoServerClientSet.NewRepoServerClient() if err != nil { - return nil, err + return nil, fmt.Errorf("error initialising new repo server client: %w", err) } defer io.Close(closer) dirResponse, err := client.GetGitDirectories(ctx, dirRequest) if err != nil { - return nil, err + return nil, fmt.Errorf("error retrieving Git Directories: %w", err) } return dirResponse.GetPaths(), nil diff --git a/util/settings/settings.go b/util/settings/settings.go index e01e950ca2e29..a9d49b78cd5df 100644 --- a/util/settings/settings.go +++ b/util/settings/settings.go @@ -820,7 +820,7 @@ func (mgr *SettingsManager) GetIgnoreResourceUpdatesOverrides() (map[string]v1al func (mgr *SettingsManager) GetIsIgnoreResourceUpdatesEnabled() (bool, error) { argoCDCM, err := mgr.getConfigMap() if err != nil { - return false, err + return false, fmt.Errorf("error retrieving config map: %w", err) } if argoCDCM.Data[resourceIgnoreResourceUpdatesEnabledKey] == "" { @@ -834,7 +834,7 @@ func (mgr *SettingsManager) GetIsIgnoreResourceUpdatesEnabled() (bool, error) { func (mgr *SettingsManager) GetResourceOverrides() (map[string]v1alpha1.ResourceOverride, error) { argoCDCM, err := mgr.getConfigMap() if err != nil { - return nil, err + return nil, fmt.Errorf("error retrieving config map: %w", err) } resourceOverrides := map[string]v1alpha1.ResourceOverride{} if value, ok := argoCDCM.Data[resourceCustomizationsKey]; ok && value != "" { @@ -1088,14 +1088,14 @@ func addKustomizeVersion(prefix, name, path string, kvMap map[string]KustomizeVe func (mgr *SettingsManager) GetHelmRepositories() ([]HelmRepoCredentials, error) { argoCDCM, err := mgr.getConfigMap() if err != nil { - return nil, err + return nil, fmt.Errorf("error retrieving config map: %w", err) } helmRepositories := make([]HelmRepoCredentials, 0) helmRepositoriesStr := argoCDCM.Data[helmRepositoriesKey] if helmRepositoriesStr != "" { err := yaml.Unmarshal([]byte(helmRepositoriesStr), &helmRepositories) if err != nil { - return nil, err + return nil, fmt.Errorf("error unmarshalling helm repositories: %w", err) } } return helmRepositories, nil @@ -1173,7 +1173,7 @@ func (mgr *SettingsManager) GetRepositoryCredentials() ([]RepositoryCredentials, // Get the config map outside of the lock argoCDCM, err := mgr.getConfigMap() if err != nil { - return nil, err + return nil, fmt.Errorf("error retrieving config map: %w", err) } mgr.mutex.Lock() @@ -1194,7 +1194,7 @@ func (mgr *SettingsManager) GetRepositoryCredentials() ([]RepositoryCredentials, func (mgr *SettingsManager) GetGoogleAnalytics() (*GoogleAnalytics, error) { argoCDCM, err := mgr.getConfigMap() if err != nil { - return nil, err + return nil, fmt.Errorf("error retrieving config map: %w", err) } return &GoogleAnalytics{ TrackingID: argoCDCM.Data[gaTrackingID], @@ -1205,7 +1205,7 @@ func (mgr *SettingsManager) GetGoogleAnalytics() (*GoogleAnalytics, error) { func (mgr *SettingsManager) GetHelp() (*Help, error) { argoCDCM, err := mgr.getConfigMap() if err != nil { - return nil, err + return nil, fmt.Errorf("error retrieving config map: %w", err) } chatText, ok := argoCDCM.Data[helpChatText] if !ok { @@ -1957,7 +1957,7 @@ func (mgr *SettingsManager) InitializeSettings(insecureModeEnabled bool) (*ArgoC // set JWT signature signature, err := util.MakeSignature(32) if err != nil { - return nil, err + return nil, fmt.Errorf("error setting JWT signature: %w", err) } cdSettings.ServerSignature = signature log.Info("Initialized server signature") diff --git a/util/tls/tls.go b/util/tls/tls.go index d963eed55cee7..938c386d75618 100644 --- a/util/tls/tls.go +++ b/util/tls/tls.go @@ -309,7 +309,7 @@ func generatePEM(opts CertOptions) ([]byte, []byte, error) { func GenerateX509KeyPair(opts CertOptions) (*tls.Certificate, error) { certpem, keypem, err := generatePEM(opts) if err != nil { - return nil, err + return nil, fmt.Errorf("error generating X509 key pair: %w", err) } cert, err := tls.X509KeyPair(certpem, keypem) if err != nil { @@ -420,7 +420,7 @@ func CreateServerTLSConfig(tlsCertPath, tlsKeyPath string, hosts []string) (*tls IsCA: false, }) if err != nil { - return nil, err + return nil, fmt.Errorf("error generating X509 key pair: %w", err) } cert = c } else { diff --git a/util/tls/tls_test.go b/util/tls/tls_test.go index 69d8dc2e2e757..f103d035a964d 100644 --- a/util/tls/tls_test.go +++ b/util/tls/tls_test.go @@ -405,7 +405,7 @@ func getCert(pemCerts []byte) (*x509.Certificate, error) { certBytes := block.Bytes cert, err := x509.ParseCertificate(certBytes) if err != nil { - return nil, err + return nil, fmt.Errorf("error parsing certificate: %w", err) } return cert, nil } @@ -413,7 +413,7 @@ func getCert(pemCerts []byte) (*x509.Certificate, error) { func getCertFromFile(path string) (*x509.Certificate, error) { certBytes, err := os.ReadFile(path) if err != nil { - return nil, err + return nil, fmt.Errorf("error reading file: %w", err) } return getCert(certBytes) } From ab9bfd6dd700913e38d281b5ff44c6d45c0154cf Mon Sep 17 00:00:00 2001 From: Prune Sebastien THOMAS Date: Tue, 8 Aug 2023 10:01:11 -0400 Subject: [PATCH 099/105] feat(appset): Add SCM Provider option for Gitlab generator to filter shared projects from subgroups projects (#14831) * added option to disable gitlab to fetch shared project from a subgroup Signed-off-by: Prune * Correct gitlab SCM provider mock test Signed-off-by: Prune * updated test to validate shared-groups Signed-off-by: Prune * reworked shared project tests Signed-off-by: Prune * added subgroups only test Signed-off-by: Prune --------- Signed-off-by: Prune --- applicationset/generators/scm_provider.go | 2 +- .../services/scm_provider/gitlab.go | 16 +- .../services/scm_provider/gitlab_test.go | 645 +++++++- assets/swagger.json | 4 + .../applicationset/Generators-SCM-Provider.md | 4 + manifests/core-install.yaml | 6 + manifests/crds/applicationset-crd.yaml | 6 + manifests/ha/install.yaml | 6 + manifests/install.yaml | 6 + .../v1alpha1/applicationset_types.go | 6 + .../v1alpha1/applicationset_types_test.go | 12 + pkg/apis/application/v1alpha1/generated.pb.go | 1366 +++++++++-------- pkg/apis/application/v1alpha1/generated.proto | 3 + .../application/v1alpha1/openapi_generated.go | 7 + .../v1alpha1/zz_generated.deepcopy.go | 5 + 15 files changed, 1413 insertions(+), 681 deletions(-) diff --git a/applicationset/generators/scm_provider.go b/applicationset/generators/scm_provider.go index 67ea279b3fb39..69e45a3f40834 100644 --- a/applicationset/generators/scm_provider.go +++ b/applicationset/generators/scm_provider.go @@ -118,7 +118,7 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha if err != nil { return nil, fmt.Errorf("error fetching Gitlab token: %v", err) } - provider, err = scm_provider.NewGitlabProvider(ctx, providerConfig.Gitlab.Group, token, providerConfig.Gitlab.API, providerConfig.Gitlab.AllBranches, providerConfig.Gitlab.IncludeSubgroups, providerConfig.Gitlab.Insecure, g.scmRootCAPath) + provider, err = scm_provider.NewGitlabProvider(ctx, providerConfig.Gitlab.Group, token, providerConfig.Gitlab.API, providerConfig.Gitlab.AllBranches, providerConfig.Gitlab.IncludeSubgroups, providerConfig.Gitlab.WillIncludeSharedProjects(), providerConfig.Gitlab.Insecure, g.scmRootCAPath) if err != nil { return nil, fmt.Errorf("error initializing Gitlab service: %v", err) } diff --git a/applicationset/services/scm_provider/gitlab.go b/applicationset/services/scm_provider/gitlab.go index ac3d5668d327c..b759f0fbec91e 100644 --- a/applicationset/services/scm_provider/gitlab.go +++ b/applicationset/services/scm_provider/gitlab.go @@ -13,15 +13,16 @@ import ( ) type GitlabProvider struct { - client *gitlab.Client - organization string - allBranches bool - includeSubgroups bool + client *gitlab.Client + organization string + allBranches bool + includeSubgroups bool + includeSharedProjects bool } var _ SCMProviderService = &GitlabProvider{} -func NewGitlabProvider(ctx context.Context, organization string, token string, url string, allBranches, includeSubgroups, insecure bool, scmRootCAPath string) (*GitlabProvider, error) { +func NewGitlabProvider(ctx context.Context, organization string, token string, url string, allBranches, includeSubgroups, includeSharedProjects, insecure bool, scmRootCAPath string) (*GitlabProvider, error) { // Undocumented environment variable to set a default token, to be used in testing to dodge anonymous rate limits. if token == "" { token = os.Getenv("GITLAB_TOKEN") @@ -47,7 +48,8 @@ func NewGitlabProvider(ctx context.Context, organization string, token string, u return nil, err } } - return &GitlabProvider{client: client, organization: organization, allBranches: allBranches, includeSubgroups: includeSubgroups}, nil + + return &GitlabProvider{client: client, organization: organization, allBranches: allBranches, includeSubgroups: includeSubgroups, includeSharedProjects: includeSharedProjects}, nil } func (g *GitlabProvider) GetBranches(ctx context.Context, repo *Repository) ([]*Repository, error) { @@ -75,7 +77,9 @@ func (g *GitlabProvider) ListRepos(ctx context.Context, cloneProtocol string) ([ opt := &gitlab.ListGroupProjectsOptions{ ListOptions: gitlab.ListOptions{PerPage: 100}, IncludeSubGroups: &g.includeSubgroups, + WithShared: &g.includeSharedProjects, } + repos := []*Repository{} for { gitlabRepos, resp, err := g.client.Groups.ListGroupProjects(g.organization, opt) diff --git a/applicationset/services/scm_provider/gitlab_test.go b/applicationset/services/scm_provider/gitlab_test.go index 6611669ba4941..5b284d90f0420 100644 --- a/applicationset/services/scm_provider/gitlab_test.go +++ b/applicationset/services/scm_provider/gitlab_test.go @@ -19,7 +19,7 @@ func gitlabMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { switch r.RequestURI { case "/api/v4": fmt.Println("here1") - case "/api/v4/groups/test-argocd-proton/projects?include_subgroups=false&per_page=100": + case "/api/v4/groups/test-argocd-proton/projects?include_subgroups=false&per_page=100", "/api/v4/groups/test-argocd-proton/projects?include_subgroups=false&per_page=100&with_shared=false": fmt.Println("here") _, err := io.WriteString(w, `[{ "id": 27084533, @@ -143,6 +143,501 @@ func gitlabMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { if err != nil { t.Fail() } + case "/api/v4/groups/test-argocd-proton/projects?include_subgroups=true&per_page=100&with_shared=false": + fmt.Println("here") + _, err := io.WriteString(w, `[{ + "id": 27084533, + "description": "", + "name": "argocd", + "name_with_namespace": "test argocd proton / argocd", + "path": "argocd", + "path_with_namespace": "test-argocd-proton/argocd", + "created_at": "2021-06-01T17:30:44.724Z", + "default_branch": "master", + "tag_list": [], + "topics": [], + "ssh_url_to_repo": "git@gitlab.com:test-argocd-proton/argocd.git", + "http_url_to_repo": "https://gitlab.com/test-argocd-proton/argocd.git", + "web_url": "https://gitlab.com/test-argocd-proton/argocd", + "readme_url": null, + "avatar_url": null, + "forks_count": 0, + "star_count": 0, + "last_activity_at": "2021-06-04T08:19:51.656Z", + "namespace": { + "id": 12258515, + "name": "test argocd proton", + "path": "test-argocd-proton", + "kind": "gro* Connection #0 to host gitlab.com left intact up ", + "full_path ": "test - argocd - proton ", + "parent_id ": null, + "avatar_url ": null, + "web_url ": "https: //gitlab.com/groups/test-argocd-proton" + }, + "container_registry_image_prefix": "registry.gitlab.com/test-argocd-proton/argocd", + "_links": { + "self": "https://gitlab.com/api/v4/projects/27084533", + "issues": "https://gitlab.com/api/v4/projects/27084533/issues", + "merge_requests": "https://gitlab.com/api/v4/projects/27084533/merge_requests", + "repo_branches": "https://gitlab.com/api/v4/projects/27084533/repository/branches", + "labels": "https://gitlab.com/api/v4/projects/27084533/labels", + "events": "https://gitlab.com/api/v4/projects/27084533/events", + "members": "https://gitlab.com/api/v4/projects/27084533/members", + "cluster_agents": "https://gitlab.com/api/v4/projects/27084533/cluster_agents" + }, + "packages_enabled": true, + "empty_repo": false, + "archived": false, + "visibility": "public", + "resolve_outdated_diff_discussions": false, + "container_expiration_policy": { + "cadence": "1d", + "enabled": false, + "keep_n": 10, + "older_than": "90d", + "name_regex": ".*", + "name_regex_keep": null, + "next_run_at": "2021-06-02T17:30:44.740Z" + }, + "issues_enabled": true, + "merge_requests_enabled": true, + "wiki_enabled": true, + "jobs_enabled": true, + "snippets_enabled": true, + "container_registry_enabled": true, + "service_desk_enabled": true, + "can_create_merge_request_in": false, + "issues_access_level": "enabled", + "repository_access_level": "enabled", + "merge_requests_access_level": "enabled", + "forking_access_level": "enabled", + "wiki_access_level": "enabled", + "builds_access_level": "enabled", + "snippets_access_level": "enabled", + "pages_access_level": "enabled", + "operations_access_level": "enabled", + "analytics_access_level": "enabled", + "container_registry_access_level": "enabled", + "security_and_compliance_access_level": "private", + "emails_disabled": null, + "shared_runners_enabled": true, + "lfs_enabled": true, + "creator_id": 2378866, + "import_status": "none", + "open_issues_count": 0, + "ci_default_git_depth": 50, + "ci_forward_deployment_enabled": true, + "ci_job_token_scope_enabled": false, + "public_jobs": true, + "build_timeout": 3600, + "auto_cancel_pending_pipelines": "enabled", + "ci_config_path": "", + "shared_with_groups": [], + "only_allow_merge_if_pipeline_succeeds": false, + "allow_merge_on_skipped_pipeline": null, + "restrict_user_defined_variables": false, + "request_access_enabled": true, + "only_allow_merge_if_all_discussions_are_resolved": false, + "remove_source_branch_after_merge": true, + "printing_merge_request_link_enabled": true, + "merge_method": "merge", + "squash_option": "default_off", + "suggestion_commit_message": null, + "merge_commit_template": null, + "squash_commit_template": null, + "auto_devops_enabled": false, + "auto_devops_deploy_strategy": "continuous", + "autoclose_referenced_issues": true, + "keep_latest_artifact": true, + "runner_token_expiration_interval": null, + "approvals_before_merge": 0, + "mirror": false, + "external_authorization_classification_label": "", + "marked_for_deletion_at": null, + "marked_for_deletion_on": null, + "requirements_enabled": true, + "requirements_access_level": "enabled", + "security_and_compliance_enabled": false, + "compliance_frameworks": [], + "issues_template": null, + "merge_requests_template": null, + "merge_pipelines_enabled": false, + "merge_trains_enabled": false + }, + { + "id": 27084538, + "description": "This is a Project from a Subgroup", + "name": "argocd-subgroup", + "name_with_namespace": "test argocd proton / subgroup / argocd-subgroup", + "path": "argocd-subgroup", + "path_with_namespace": "test-argocd-proton/subgroup/argocd-subgroup", + "created_at": "2021-06-01T17:30:44.724Z", + "default_branch": "master", + "tag_list": [], + "topics": [], + "ssh_url_to_repo": "git@gitlab.com:test-argocd-proton/subgroup/argocd-subgroup.git", + "http_url_to_repo": "https://gitlab.com/test-argocd-proton/subgroup/argocd-subgroup.git", + "web_url": "https://gitlab.com/test-argocd-proton/subgroup/argocd-subgroup", + "readme_url": null, + "avatar_url": null, + "forks_count": 0, + "star_count": 0, + "last_activity_at": "2021-06-04T08:19:51.656Z", + "namespace": { + "id": 12258542, + "name": "subgroup", + "path": "subgroup", + "kind": "group ", + "full_path ": "test-argocd-proton/subgroup", + "parent_id ": 12258515, + "avatar_url ": null, + "web_url ": "https: //gitlab.com/groups/test-argocd-proton/subgroup" + }, + "container_registry_image_prefix": "registry.gitlab.com/test-argocd-proton/subgroup/argocd", + "_links": { + "self": "https://gitlab.com/api/v4/projects/27084538", + "issues": "https://gitlab.com/api/v4/projects/27084538/issues", + "merge_requests": "https://gitlab.com/api/v4/projects/27084538/merge_requests", + "repo_branches": "https://gitlab.com/api/v4/projects/27084538/repository/branches", + "labels": "https://gitlab.com/api/v4/projects/27084538/labels", + "events": "https://gitlab.com/api/v4/projects/27084538/events", + "members": "https://gitlab.com/api/v4/projects/27084538/members", + "cluster_agents": "https://gitlab.com/api/v4/projects/27084538/cluster_agents" + }, + "packages_enabled": true, + "empty_repo": false, + "archived": false, + "visibility": "public", + "resolve_outdated_diff_discussions": false, + "container_expiration_policy": { + "cadence": "1d", + "enabled": false, + "keep_n": 10, + "older_than": "90d", + "name_regex": ".*", + "name_regex_keep": null, + "next_run_at": "2021-06-02T17:30:44.740Z" + }, + "issues_enabled": true, + "merge_requests_enabled": true, + "wiki_enabled": true, + "jobs_enabled": true, + "snippets_enabled": true, + "container_registry_enabled": true, + "service_desk_enabled": true, + "can_create_merge_request_in": false, + "issues_access_level": "enabled", + "repository_access_level": "enabled", + "merge_requests_access_level": "enabled", + "forking_access_level": "enabled", + "wiki_access_level": "enabled", + "builds_access_level": "enabled", + "snippets_access_level": "enabled", + "pages_access_level": "enabled", + "operations_access_level": "enabled", + "analytics_access_level": "enabled", + "container_registry_access_level": "enabled", + "security_and_compliance_access_level": "private", + "emails_disabled": null, + "shared_runners_enabled": true, + "lfs_enabled": true, + "creator_id": 2378866, + "import_status": "none", + "open_issues_count": 0, + "ci_default_git_depth": 50, + "ci_forward_deployment_enabled": true, + "ci_job_token_scope_enabled": false, + "public_jobs": true, + "build_timeout": 3600, + "auto_cancel_pending_pipelines": "enabled", + "ci_config_path": "", + "shared_with_groups": [], + "only_allow_merge_if_pipeline_succeeds": false, + "allow_merge_on_skipped_pipeline": null, + "restrict_user_defined_variables": false, + "request_access_enabled": true, + "only_allow_merge_if_all_discussions_are_resolved": false, + "remove_source_branch_after_merge": true, + "printing_merge_request_link_enabled": true, + "merge_method": "merge", + "squash_option": "default_off", + "suggestion_commit_message": null, + "merge_commit_template": null, + "squash_commit_template": null, + "auto_devops_enabled": false, + "auto_devops_deploy_strategy": "continuous", + "autoclose_referenced_issues": true, + "keep_latest_artifact": true, + "runner_token_expiration_interval": null, + "approvals_before_merge": 0, + "mirror": false, + "external_authorization_classification_label": "", + "marked_for_deletion_at": null, + "marked_for_deletion_on": null, + "requirements_enabled": true, + "requirements_access_level": "enabled", + "security_and_compliance_enabled": false, + "compliance_frameworks": [], + "issues_template": null, + "merge_requests_template": null, + "merge_pipelines_enabled": false, + "merge_trains_enabled": false + } + ]`) + if err != nil { + t.Fail() + } + case "/api/v4/groups/test-argocd-proton/projects?include_subgroups=true&per_page=100&with_shared=true": + fmt.Println("here") + _, err := io.WriteString(w, `[{ + "id": 27084533, + "description": "", + "name": "argocd", + "name_with_namespace": "test argocd proton / argocd", + "path": "argocd", + "path_with_namespace": "test-argocd-proton/argocd", + "created_at": "2021-06-01T17:30:44.724Z", + "default_branch": "master", + "tag_list": [], + "topics": [], + "ssh_url_to_repo": "git@gitlab.com:test-argocd-proton/argocd.git", + "http_url_to_repo": "https://gitlab.com/test-argocd-proton/argocd.git", + "web_url": "https://gitlab.com/test-argocd-proton/argocd", + "readme_url": null, + "avatar_url": null, + "forks_count": 0, + "star_count": 0, + "last_activity_at": "2021-06-04T08:19:51.656Z", + "namespace": { + "id": 12258515, + "name": "test argocd proton", + "path": "test-argocd-proton", + "kind": "gro* Connection #0 to host gitlab.com left intact up ", + "full_path ": "test - argocd - proton ", + "parent_id ": null, + "avatar_url ": null, + "web_url ": "https: //gitlab.com/groups/test-argocd-proton" + }, + "container_registry_image_prefix": "registry.gitlab.com/test-argocd-proton/argocd", + "_links": { + "self": "https://gitlab.com/api/v4/projects/27084533", + "issues": "https://gitlab.com/api/v4/projects/27084533/issues", + "merge_requests": "https://gitlab.com/api/v4/projects/27084533/merge_requests", + "repo_branches": "https://gitlab.com/api/v4/projects/27084533/repository/branches", + "labels": "https://gitlab.com/api/v4/projects/27084533/labels", + "events": "https://gitlab.com/api/v4/projects/27084533/events", + "members": "https://gitlab.com/api/v4/projects/27084533/members", + "cluster_agents": "https://gitlab.com/api/v4/projects/27084533/cluster_agents" + }, + "packages_enabled": true, + "empty_repo": false, + "archived": false, + "visibility": "public", + "resolve_outdated_diff_discussions": false, + "container_expiration_policy": { + "cadence": "1d", + "enabled": false, + "keep_n": 10, + "older_than": "90d", + "name_regex": ".*", + "name_regex_keep": null, + "next_run_at": "2021-06-02T17:30:44.740Z" + }, + "issues_enabled": true, + "merge_requests_enabled": true, + "wiki_enabled": true, + "jobs_enabled": true, + "snippets_enabled": true, + "container_registry_enabled": true, + "service_desk_enabled": true, + "can_create_merge_request_in": false, + "issues_access_level": "enabled", + "repository_access_level": "enabled", + "merge_requests_access_level": "enabled", + "forking_access_level": "enabled", + "wiki_access_level": "enabled", + "builds_access_level": "enabled", + "snippets_access_level": "enabled", + "pages_access_level": "enabled", + "operations_access_level": "enabled", + "analytics_access_level": "enabled", + "container_registry_access_level": "enabled", + "security_and_compliance_access_level": "private", + "emails_disabled": null, + "shared_runners_enabled": true, + "lfs_enabled": true, + "creator_id": 2378866, + "import_status": "none", + "open_issues_count": 0, + "ci_default_git_depth": 50, + "ci_forward_deployment_enabled": true, + "ci_job_token_scope_enabled": false, + "public_jobs": true, + "build_timeout": 3600, + "auto_cancel_pending_pipelines": "enabled", + "ci_config_path": "", + "shared_with_groups": [], + "only_allow_merge_if_pipeline_succeeds": false, + "allow_merge_on_skipped_pipeline": null, + "restrict_user_defined_variables": false, + "request_access_enabled": true, + "only_allow_merge_if_all_discussions_are_resolved": false, + "remove_source_branch_after_merge": true, + "printing_merge_request_link_enabled": true, + "merge_method": "merge", + "squash_option": "default_off", + "suggestion_commit_message": null, + "merge_commit_template": null, + "squash_commit_template": null, + "auto_devops_enabled": false, + "auto_devops_deploy_strategy": "continuous", + "autoclose_referenced_issues": true, + "keep_latest_artifact": true, + "runner_token_expiration_interval": null, + "approvals_before_merge": 0, + "mirror": false, + "external_authorization_classification_label": "", + "marked_for_deletion_at": null, + "marked_for_deletion_on": null, + "requirements_enabled": true, + "requirements_access_level": "enabled", + "security_and_compliance_enabled": false, + "compliance_frameworks": [], + "issues_template": null, + "merge_requests_template": null, + "merge_pipelines_enabled": false, + "merge_trains_enabled": false + }, + { + "id": 27084534, + "description": "This is a Shared Project", + "name": "shared-argocd", + "name_with_namespace": "shared project to test argocd proton / argocd", + "path": "shared-argocd", + "path_with_namespace": "test-shared-argocd-proton/shared-argocd", + "created_at": "2021-06-11T17:30:44.724Z", + "default_branch": "master", + "tag_list": [], + "topics": [], + "ssh_url_to_repo": "git@gitlab.com:test-shared-argocd-proton/shared-argocd.git", + "http_url_to_repo": "https://gitlab.com/test-shared-argocd-proton/shared-argocd.git", + "web_url": "https://gitlab.com/test-shared-argocd-proton/shared-argocd", + "readme_url": null, + "avatar_url": null, + "forks_count": 0, + "star_count": 0, + "last_activity_at": "2021-06-04T08:19:51.656Z", + "namespace": { + "id": 12258518, + "name": "test shared argocd proton", + "path": "test-shared-argocd-proton", + "kind": "group", + "full_path ": "test-shared-argocd-proton", + "parent_id ": null, + "avatar_url ": null, + "web_url ": "https: //gitlab.com/groups/test-shared-argocd-proton" + }, + "container_registry_image_prefix": "registry.gitlab.com/test-shared-argocd-proton/shared-argocd", + "_links": { + "self": "https://gitlab.com/api/v4/projects/27084534", + "issues": "https://gitlab.com/api/v4/projects/27084534/issues", + "merge_requests": "https://gitlab.com/api/v4/projects/27084534/merge_requests", + "repo_branches": "https://gitlab.com/api/v4/projects/27084534/repository/branches", + "labels": "https://gitlab.com/api/v4/projects/27084534/labels", + "events": "https://gitlab.com/api/v4/projects/27084534/events", + "members": "https://gitlab.com/api/v4/projects/27084534/members", + "cluster_agents": "https://gitlab.com/api/v4/projects/27084534/cluster_agents" + }, + "packages_enabled": true, + "empty_repo": false, + "archived": false, + "visibility": "public", + "resolve_outdated_diff_discussions": false, + "container_expiration_policy": { + "cadence": "1d", + "enabled": false, + "keep_n": 10, + "older_than": "90d", + "name_regex": ".*", + "name_regex_keep": null, + "next_run_at": "2021-06-12T17:30:44.740Z" + }, + "issues_enabled": true, + "merge_requests_enabled": true, + "wiki_enabled": true, + "jobs_enabled": true, + "snippets_enabled": true, + "container_registry_enabled": true, + "service_desk_enabled": true, + "can_create_merge_request_in": false, + "issues_access_level": "enabled", + "repository_access_level": "enabled", + "merge_requests_access_level": "enabled", + "forking_access_level": "enabled", + "wiki_access_level": "enabled", + "builds_access_level": "enabled", + "snippets_access_level": "enabled", + "pages_access_level": "enabled", + "operations_access_level": "enabled", + "analytics_access_level": "enabled", + "container_registry_access_level": "enabled", + "security_and_compliance_access_level": "private", + "emails_disabled": null, + "shared_runners_enabled": true, + "lfs_enabled": true, + "creator_id": 2378866, + "import_status": "none", + "open_issues_count": 0, + "ci_default_git_depth": 50, + "ci_forward_deployment_enabled": true, + "ci_job_token_scope_enabled": false, + "public_jobs": true, + "build_timeout": 3600, + "auto_cancel_pending_pipelines": "enabled", + "ci_config_path": "", + "shared_with_groups": [ + { + "group_id": 12258515, + "group_name": "test-argocd-proton", + "group_full_path": "test-shared-argocd-proton", + "group_access_level": 30, + "expires_at": null + } + ], + "only_allow_merge_if_pipeline_succeeds": false, + "allow_merge_on_skipped_pipeline": null, + "restrict_user_defined_variables": false, + "request_access_enabled": true, + "only_allow_merge_if_all_discussions_are_resolved": false, + "remove_source_branch_after_merge": true, + "printing_merge_request_link_enabled": true, + "merge_method": "merge", + "squash_option": "default_off", + "suggestion_commit_message": null, + "merge_commit_template": null, + "squash_commit_template": null, + "auto_devops_enabled": false, + "auto_devops_deploy_strategy": "continuous", + "autoclose_referenced_issues": true, + "keep_latest_artifact": true, + "runner_token_expiration_interval": null, + "approvals_before_merge": 0, + "mirror": false, + "external_authorization_classification_label": "", + "marked_for_deletion_at": null, + "marked_for_deletion_on": null, + "requirements_enabled": true, + "requirements_access_level": "enabled", + "security_and_compliance_enabled": false, + "compliance_frameworks": [], + "issues_template": null, + "merge_requests_template": null, + "merge_pipelines_enabled": false, + "merge_trains_enabled": false + }]`) + if err != nil { + t.Fail() + } case "/api/v4/projects/27084533/repository/branches/master": fmt.Println("returning") _, err := io.WriteString(w, `{ @@ -229,6 +724,116 @@ func gitlabMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { if err != nil { t.Fail() } + case "/api/v4/projects/27084534/repository/branches?per_page=100": + _, err := io.WriteString(w, `[{ + "name": "master", + "commit": { + "id": "8898d7999fc99dd0fd578650b58b244fc63f6b53", + "short_id": "8898d799", + "created_at": "2021-06-04T08:24:44.000+00:00", + "parent_ids": null, + "title": "Merge branch 'pipeline-1317911429' into 'master'", + "message": "Merge branch 'pipeline-1317911429' into 'master'", + "author_name": "Martin Vozník", + "author_email": "martin@voznik.cz", + "authored_date": "2021-06-04T08:24:44.000+00:00", + "committer_name": "Martin Vozník", + "committer_email": "martin@voznik.cz", + "committed_date": "2021-06-04T08:24:44.000+00:00", + "trailers": null, + "web_url": "https://gitlab.com/test-shared-argocd-proton/shared-argocd/-/commit/8898d7999fc99dd0fd578650b58b244fc63f6b53" + }, + "merged": false, + "protected": true, + "developers_can_push": false, + "developers_can_merge": false, + "can_push": false, + "default": true, + "web_url": "https://gitlab.com/test-shared-argocd-proton/shared-argocd/-/tree/master" + }, { + "name": "pipeline-2310077506", + "commit": { + "id": "0f92540e5f396ba960adea4ed0aa905baf3f73d1", + "short_id": "0f92540e", + "created_at": "2021-06-01T18:39:59.000+00:00", + "parent_ids": null, + "title": "[testapp-ci] manifests/demo/test-app.yaml: release v1.0.1", + "message": "[testapp-ci] manifests/demo/test-app.yaml: release v1.0.1", + "author_name": "ci-test-app", + "author_email": "mvoznik+cicd@protonmail.com", + "authored_date": "2021-06-01T18:39:59.000+00:00", + "committer_name": "ci-test-app", + "committer_email": "mvoznik+cicd@protonmail.com", + "committed_date": "2021-06-01T18:39:59.000+00:00", + "trailers": null, + "web_url": "https://gitlab.com/test-shared-argocd-proton/shared-argocd/-/commit/0f92540e5f396ba960adea4ed0aa905baf3f73d1" + }, + "merged": false, + "protected": false, + "developers_can_push": false, + "developers_can_merge": false, + "can_push": false, + "default": false, + "web_url": "https://gitlab.com/test-shared-argocd-proton/shared-argocd/-/tree/pipeline-1310077506" + }]`) + if err != nil { + t.Fail() + } + case "/api/v4/projects/27084538/repository/branches?per_page=100": + _, err := io.WriteString(w, `[{ + "name": "master", + "commit": { + "id": "8898d7999fc99dd0fd578650b58b244fc63f6b58", + "short_id": "8898d801", + "created_at": "2021-06-04T08:24:44.000+00:00", + "parent_ids": null, + "title": "Merge branch 'pipeline-1317911429' into 'master'", + "message": "Merge branch 'pipeline-1317911429' into 'master'", + "author_name": "Martin Vozník", + "author_email": "martin@voznik.cz", + "authored_date": "2021-06-04T08:24:44.000+00:00", + "committer_name": "Martin Vozník", + "committer_email": "martin@voznik.cz", + "committed_date": "2021-06-04T08:24:44.000+00:00", + "trailers": null, + "web_url": "https://gitlab.com/test-argocd-proton/subgroup/argocd-subgroup/-/commit/8898d7999fc99dd0fd578650b58b244fc63f6b53" + }, + "merged": false, + "protected": true, + "developers_can_push": false, + "developers_can_merge": false, + "can_push": false, + "default": true, + "web_url": "https://gitlab.com/test-argocd-proton/subgroup/argocd-subgroup/-/tree/master" + }, { + "name": "pipeline-2310077506", + "commit": { + "id": "0f92540e5f396ba960adea4ed0aa905baf3f73d1", + "short_id": "0f92540e", + "created_at": "2021-06-01T18:39:59.000+00:00", + "parent_ids": null, + "title": "[testapp-ci] manifests/demo/test-app.yaml: release v1.0.1", + "message": "[testapp-ci] manifests/demo/test-app.yaml: release v1.0.1", + "author_name": "ci-test-app", + "author_email": "mvoznik+cicd@protonmail.com", + "authored_date": "2021-06-01T18:39:59.000+00:00", + "committer_name": "ci-test-app", + "committer_email": "mvoznik+cicd@protonmail.com", + "committed_date": "2021-06-01T18:39:59.000+00:00", + "trailers": null, + "web_url": "https://gitlab.com/test-argocd-proton/subgroup/argocd-subgroup/-/commit/0f92540e5f396ba960adea4ed0aa905baf3f73d1" + }, + "merged": false, + "protected": false, + "developers_can_push": false, + "developers_can_merge": false, + "can_push": false, + "default": false, + "web_url": "https://gitlab.com/test-argocd-proton/subgroup/argocd-subgroup/-/tree/pipeline-1310077506" + }]`) + if err != nil { + t.Fail() + } case "/api/v4/projects/test-argocd-proton%2Fargocd": fmt.Println("auct") _, err := io.WriteString(w, `{ @@ -286,10 +891,10 @@ func gitlabMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { } func TestGitlabListRepos(t *testing.T) { cases := []struct { - name, proto, url string - hasError, allBranches, includeSubgroups, insecure bool - branches []string - filters []v1alpha1.SCMProviderGeneratorFilter + name, proto, url string + hasError, allBranches, includeSubgroups, includeSharedProjects, insecure bool + branches []string + filters []v1alpha1.SCMProviderGeneratorFilter }{ { name: "blank protocol", @@ -317,32 +922,54 @@ func TestGitlabListRepos(t *testing.T) { url: "git@gitlab.com:test-argocd-proton/argocd.git", branches: []string{"master"}, }, + { + name: "all subgroups", + allBranches: true, + url: "git@gitlab.com:test-argocd-proton/argocd.git", + branches: []string{"master"}, + includeSharedProjects: false, + includeSubgroups: true, + }, + { + name: "all subgroups and shared projects", + allBranches: true, + url: "git@gitlab.com:test-argocd-proton/argocd.git", + branches: []string{"master"}, + includeSharedProjects: true, + includeSubgroups: true, + }, } ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { gitlabMockHandler(t)(w, r) })) for _, c := range cases { t.Run(c.name, func(t *testing.T) { - provider, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, c.allBranches, c.includeSubgroups, c.insecure, "") + provider, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, c.allBranches, c.includeSubgroups, c.includeSharedProjects, c.insecure, "") rawRepos, err := ListRepos(context.Background(), provider, c.filters, c.proto) if c.hasError { assert.NotNil(t, err) } else { assert.Nil(t, err) - // Just check that this one project shows up. Not a great test but better thing nothing? + // Just check that this one project shows up. Not a great test but better than nothing? repos := []*Repository{} + uniqueRepos := map[string]int{} branches := []string{} for _, r := range rawRepos { if r.Repository == "argocd" { repos = append(repos, r) branches = append(branches, r.Branch) } + uniqueRepos[r.Repository]++ } assert.NotEmpty(t, repos) assert.Equal(t, c.url, repos[0].URL) for _, b := range c.branches { assert.Contains(t, branches, b) } + // In case of listing subgroups, validate the number of returned projects + if c.includeSubgroups || c.includeSharedProjects { + assert.Equal(t, 2, len(uniqueRepos)) + } } }) } @@ -352,7 +979,7 @@ func TestGitlabHasPath(t *testing.T) { ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { gitlabMockHandler(t)(w, r) })) - host, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, false, true, false, "") + host, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, false, true, true, false, "") repo := &Repository{ Organization: "test-argocd-proton", Repository: "argocd", @@ -398,7 +1025,7 @@ func TestGitlabGetBranches(t *testing.T) { ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { gitlabMockHandler(t)(w, r) })) - host, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, false, true, false, "") + host, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, false, true, true, false, "") repo := &Repository{ RepositoryId: 27084533, diff --git a/assets/swagger.json b/assets/swagger.json index c9dfc6658cd1e..7fda4caeea71c 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -8679,6 +8679,10 @@ "description": "Gitlab group to scan. Required. You can use either the project id (recommended) or the full namespaced path.", "type": "string" }, + "includeSharedProjects": { + "type": "boolean", + "title": "When recursing through subgroups, also include shared Projects (true) or scan only the subgroups under same path (false). Defaults to \"true\"" + }, "includeSubgroups": { "type": "boolean", "title": "Recurse through subgroups (true) or scan only the base group (false). Defaults to \"false\"" diff --git a/docs/operator-manual/applicationset/Generators-SCM-Provider.md b/docs/operator-manual/applicationset/Generators-SCM-Provider.md index 095d6616ee5e3..8f4a6ad96a986 100644 --- a/docs/operator-manual/applicationset/Generators-SCM-Provider.md +++ b/docs/operator-manual/applicationset/Generators-SCM-Provider.md @@ -87,6 +87,9 @@ spec: allBranches: true # If true, recurses through subgroups. If false, it searches only in the base group. Defaults to false. includeSubgroups: true + # If true and includeSubgroups is also true, include Shared Projects, which is gitlab API default. + # If false only search Projects under the same path. Defaults to true. + includeSharedProjects: false # Reference to a Secret containing an access token. (optional) tokenRef: secretName: gitlab-token @@ -101,6 +104,7 @@ spec: * `api`: If using self-hosted GitLab, the URL to access it. * `allBranches`: By default (false) the template will only be evaluated for the default branch of each repo. If this is true, every branch of every repository will be passed to the filters. If using this flag, you likely want to use a `branchMatch` filter. * `includeSubgroups`: By default (false) the controller will only search for repos directly in the base group. If this is true, it will recurse through all the subgroups searching for repos to scan. +* `includeSharedProjects`: If true and includeSubgroups is also true, include Shared Projects, which is gitlab API default. If false only search Projects under the same path. In general most would want the behaviour when set to false. Defaults to true. * `tokenRef`: A `Secret` name and key containing the GitLab access token to use for requests. If not specified, will make anonymous requests which have a lower rate limit and can only see public repositories. * `insecure`: By default (false) - Skip checking the validity of the SCM's certificate - useful for self-signed TLS certificates. diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 49aeaddd46fd1..642e1de181142 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -10044,6 +10044,8 @@ spec: type: string group: type: string + includeSharedProjects: + type: boolean includeSubgroups: type: boolean insecure: @@ -14523,6 +14525,8 @@ spec: type: string group: type: string + includeSharedProjects: + type: boolean includeSubgroups: type: boolean insecure: @@ -16931,6 +16935,8 @@ spec: type: string group: type: string + includeSharedProjects: + type: boolean includeSubgroups: type: boolean insecure: diff --git a/manifests/crds/applicationset-crd.yaml b/manifests/crds/applicationset-crd.yaml index 72d23d94a46b8..f068d36996d12 100644 --- a/manifests/crds/applicationset-crd.yaml +++ b/manifests/crds/applicationset-crd.yaml @@ -5553,6 +5553,8 @@ spec: type: string group: type: string + includeSharedProjects: + type: boolean includeSubgroups: type: boolean insecure: @@ -10032,6 +10034,8 @@ spec: type: string group: type: string + includeSharedProjects: + type: boolean includeSubgroups: type: boolean insecure: @@ -12440,6 +12444,8 @@ spec: type: string group: type: string + includeSharedProjects: + type: boolean includeSubgroups: type: boolean insecure: diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index bbb357b2cd595..26801daea28a2 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -10044,6 +10044,8 @@ spec: type: string group: type: string + includeSharedProjects: + type: boolean includeSubgroups: type: boolean insecure: @@ -14523,6 +14525,8 @@ spec: type: string group: type: string + includeSharedProjects: + type: boolean includeSubgroups: type: boolean insecure: @@ -16931,6 +16935,8 @@ spec: type: string group: type: string + includeSharedProjects: + type: boolean includeSubgroups: type: boolean insecure: diff --git a/manifests/install.yaml b/manifests/install.yaml index ee1212b1f90c9..6a5afae6a87ae 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -10044,6 +10044,8 @@ spec: type: string group: type: string + includeSharedProjects: + type: boolean includeSubgroups: type: boolean insecure: @@ -14523,6 +14525,8 @@ spec: type: string group: type: string + includeSharedProjects: + type: boolean includeSubgroups: type: boolean insecure: @@ -16931,6 +16935,8 @@ spec: type: string group: type: string + includeSharedProjects: + type: boolean includeSubgroups: type: boolean insecure: diff --git a/pkg/apis/application/v1alpha1/applicationset_types.go b/pkg/apis/application/v1alpha1/applicationset_types.go index 19edd05646209..137e40bdca973 100644 --- a/pkg/apis/application/v1alpha1/applicationset_types.go +++ b/pkg/apis/application/v1alpha1/applicationset_types.go @@ -441,6 +441,12 @@ type SCMProviderGeneratorGitlab struct { AllBranches bool `json:"allBranches,omitempty" protobuf:"varint,5,opt,name=allBranches"` // Skips validating the SCM provider's TLS certificate - useful for self-signed certificates.; default: false Insecure bool `json:"insecure,omitempty" protobuf:"varint,6,opt,name=insecure"` + // When recursing through subgroups, also include shared Projects (true) or scan only the subgroups under same path (false). Defaults to "true" + IncludeSharedProjects *bool `json:"includeSharedProjects,omitempty" protobuf:"varint,7,opt,name=includeSharedProjects"` +} + +func (s *SCMProviderGeneratorGitlab) WillIncludeSharedProjects() bool { + return s.IncludeSharedProjects == nil || *s.IncludeSharedProjects } // SCMProviderGeneratorBitbucket defines connection info specific to Bitbucket Cloud (API version 2). diff --git a/pkg/apis/application/v1alpha1/applicationset_types_test.go b/pkg/apis/application/v1alpha1/applicationset_types_test.go index 62ff3aac4e95d..1f9dc64b1fdb3 100644 --- a/pkg/apis/application/v1alpha1/applicationset_types_test.go +++ b/pkg/apis/application/v1alpha1/applicationset_types_test.go @@ -6,6 +6,7 @@ import ( "github.com/stretchr/testify/assert" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/pointer" ) func testAppSetCond(t ApplicationSetConditionType, msg string, lastTransitionTime *metav1.Time, status ApplicationSetConditionStatus, reason string) ApplicationSetCondition { @@ -167,3 +168,14 @@ func assertAppSetConditions(t *testing.T, expected []ApplicationSetCondition, ac assert.Equal(t, expected[i].Message, actual[i].Message) } } + +func TestSCMProviderGeneratorGitlab_WillIncludeSharedProjects(t *testing.T) { + settings := SCMProviderGeneratorGitlab{} + assert.True(t, settings.WillIncludeSharedProjects()) + + settings.IncludeSharedProjects = pointer.BoolPtr(false) + assert.False(t, settings.WillIncludeSharedProjects()) + + settings.IncludeSharedProjects = pointer.BoolPtr(true) + assert.True(t, settings.WillIncludeSharedProjects()) +} diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index 8a788c206b4f9..2a07743f75ac3 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -4300,671 +4300,672 @@ func init() { } var fileDescriptor_030104ce3b95bcac = []byte{ - // 10611 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x25, 0xd9, - 0x75, 0x90, 0xfb, 0x7d, 0x48, 0xef, 0x1d, 0x69, 0x3e, 0x74, 0x67, 0x66, 0x57, 0x3b, 0xde, 0x5d, - 0x4d, 0x7a, 0x2b, 0xeb, 0x35, 0xde, 0x95, 0xb2, 0xe3, 0x5d, 0xb3, 0x64, 0x13, 0x3b, 0x7a, 0xd2, - 0x8c, 0x46, 0x33, 0xd2, 0x48, 0x7b, 0xa5, 0x99, 0xb1, 0xd7, 0x59, 0xaf, 0x5b, 0xfd, 0xae, 0x9e, - 0x7a, 0xd4, 0xaf, 0xbb, 0xb7, 0xbb, 0x9f, 0x46, 0xda, 0xd8, 0x8e, 0x1d, 0xe7, 0xc3, 0xe0, 0x4f, - 0x6c, 0xa8, 0x38, 0x80, 0x83, 0x13, 0x07, 0x8a, 0x14, 0x6c, 0x11, 0xe0, 0x07, 0x81, 0x40, 0xa5, - 0x92, 0xf0, 0xc3, 0x94, 0xa1, 0x48, 0x51, 0xa9, 0x38, 0x40, 0x22, 0x6c, 0x51, 0x14, 0x14, 0x55, - 0xa4, 0x2a, 0xc0, 0x0f, 0x18, 0x28, 0xa0, 0xee, 0xf7, 0xed, 0x7e, 0xef, 0x8d, 0x9e, 0xa4, 0xd6, - 0xcc, 0xd8, 0xd9, 0x7f, 0xef, 0xdd, 0x73, 0xfa, 0x9c, 0xd3, 0xb7, 0xef, 0x3d, 0xf7, 0xdc, 0x73, - 0xcf, 0x39, 0x17, 0x16, 0x5a, 0x5e, 0xba, 0xd1, 0x59, 0x9b, 0x74, 0xc3, 0xf6, 0x94, 0x13, 0xb7, - 0xc2, 0x28, 0x0e, 0x6f, 0xb3, 0x1f, 0xcf, 0xb9, 0xcd, 0xa9, 0xad, 0x8b, 0x53, 0xd1, 0x66, 0x6b, - 0xca, 0x89, 0xbc, 0x64, 0xca, 0x89, 0x22, 0xdf, 0x73, 0x9d, 0xd4, 0x0b, 0x83, 0xa9, 0xad, 0xe7, - 0x1d, 0x3f, 0xda, 0x70, 0x9e, 0x9f, 0x6a, 0x91, 0x80, 0xc4, 0x4e, 0x4a, 0x9a, 0x93, 0x51, 0x1c, - 0xa6, 0x21, 0xfa, 0x11, 0x4d, 0x6d, 0x52, 0x52, 0x63, 0x3f, 0x5e, 0x77, 0x9b, 0x93, 0x5b, 0x17, - 0x27, 0xa3, 0xcd, 0xd6, 0x24, 0xa5, 0x36, 0x69, 0x50, 0x9b, 0x94, 0xd4, 0xce, 0x3f, 0x67, 0xc8, - 0xd2, 0x0a, 0x5b, 0xe1, 0x14, 0x23, 0xba, 0xd6, 0x59, 0x67, 0xff, 0xd8, 0x1f, 0xf6, 0x8b, 0x33, - 0x3b, 0x6f, 0x6f, 0xbe, 0x94, 0x4c, 0x7a, 0x21, 0x15, 0x6f, 0xca, 0x0d, 0x63, 0x32, 0xb5, 0xd5, - 0x25, 0xd0, 0xf9, 0x2b, 0x1a, 0x87, 0x6c, 0xa7, 0x24, 0x48, 0xbc, 0x30, 0x48, 0x9e, 0xa3, 0x22, - 0x90, 0x78, 0x8b, 0xc4, 0xe6, 0xeb, 0x19, 0x08, 0xbd, 0x28, 0xbd, 0xa0, 0x29, 0xb5, 0x1d, 0x77, - 0xc3, 0x0b, 0x48, 0xbc, 0xa3, 0x1f, 0x6f, 0x93, 0xd4, 0xe9, 0xf5, 0xd4, 0x54, 0xbf, 0xa7, 0xe2, - 0x4e, 0x90, 0x7a, 0x6d, 0xd2, 0xf5, 0xc0, 0xfb, 0xf6, 0x7b, 0x20, 0x71, 0x37, 0x48, 0xdb, 0xe9, - 0x7a, 0xee, 0xbd, 0xfd, 0x9e, 0xeb, 0xa4, 0x9e, 0x3f, 0xe5, 0x05, 0x69, 0x92, 0xc6, 0xf9, 0x87, - 0xec, 0x37, 0xe0, 0xc4, 0xf4, 0xad, 0x95, 0xe9, 0x4e, 0xba, 0x31, 0x13, 0x06, 0xeb, 0x5e, 0x0b, - 0xbd, 0x08, 0x23, 0xae, 0xdf, 0x49, 0x52, 0x12, 0x5f, 0x77, 0xda, 0x64, 0xdc, 0xba, 0x60, 0x3d, - 0x53, 0x6f, 0x9c, 0xf9, 0xe6, 0xee, 0xc4, 0x3b, 0xf6, 0x76, 0x27, 0x46, 0x66, 0x34, 0x08, 0x9b, - 0x78, 0xe8, 0xdd, 0x30, 0x1c, 0x87, 0x3e, 0x99, 0xc6, 0xd7, 0xc7, 0x4b, 0xec, 0x91, 0x53, 0xe2, - 0x91, 0x61, 0xcc, 0x9b, 0xb1, 0x84, 0xdb, 0xbf, 0x5f, 0x02, 0x98, 0x8e, 0xa2, 0xe5, 0x38, 0xbc, - 0x4d, 0xdc, 0x14, 0x7d, 0x14, 0x6a, 0xb4, 0xeb, 0x9a, 0x4e, 0xea, 0x30, 0x6e, 0x23, 0x17, 0x7f, - 0x68, 0x92, 0xbf, 0xc9, 0xa4, 0xf9, 0x26, 0x7a, 0xe0, 0x50, 0xec, 0xc9, 0xad, 0xe7, 0x27, 0x97, - 0xd6, 0xe8, 0xf3, 0x8b, 0x24, 0x75, 0x1a, 0x48, 0x30, 0x03, 0xdd, 0x86, 0x15, 0x55, 0x14, 0x40, - 0x25, 0x89, 0x88, 0xcb, 0x04, 0x1b, 0xb9, 0xb8, 0x30, 0x79, 0x94, 0x11, 0x3a, 0xa9, 0x25, 0x5f, - 0x89, 0x88, 0xdb, 0x18, 0x15, 0x9c, 0x2b, 0xf4, 0x1f, 0x66, 0x7c, 0xd0, 0x16, 0x0c, 0x25, 0xa9, - 0x93, 0x76, 0x92, 0xf1, 0x32, 0xe3, 0x78, 0xbd, 0x30, 0x8e, 0x8c, 0x6a, 0xe3, 0xa4, 0xe0, 0x39, - 0xc4, 0xff, 0x63, 0xc1, 0xcd, 0xfe, 0x23, 0x0b, 0x4e, 0x6a, 0xe4, 0x05, 0x2f, 0x49, 0xd1, 0x8f, - 0x77, 0x75, 0xee, 0xe4, 0x60, 0x9d, 0x4b, 0x9f, 0x66, 0x5d, 0x7b, 0x5a, 0x30, 0xab, 0xc9, 0x16, - 0xa3, 0x63, 0xdb, 0x50, 0xf5, 0x52, 0xd2, 0x4e, 0xc6, 0x4b, 0x17, 0xca, 0xcf, 0x8c, 0x5c, 0xbc, - 0x52, 0xd4, 0x7b, 0x36, 0x4e, 0x08, 0xa6, 0xd5, 0x79, 0x4a, 0x1e, 0x73, 0x2e, 0xf6, 0xaf, 0x8e, - 0x9a, 0xef, 0x47, 0x3b, 0x1c, 0x3d, 0x0f, 0x23, 0x49, 0xd8, 0x89, 0x5d, 0x82, 0x49, 0x14, 0x26, - 0xe3, 0xd6, 0x85, 0x32, 0x1d, 0x7a, 0x74, 0xa4, 0xae, 0xe8, 0x66, 0x6c, 0xe2, 0xa0, 0x2f, 0x58, - 0x30, 0xda, 0x24, 0x49, 0xea, 0x05, 0x8c, 0xbf, 0x14, 0x7e, 0xf5, 0xc8, 0xc2, 0xcb, 0xc6, 0x59, - 0x4d, 0xbc, 0x71, 0x56, 0xbc, 0xc8, 0xa8, 0xd1, 0x98, 0xe0, 0x0c, 0x7f, 0x3a, 0xe3, 0x9a, 0x24, - 0x71, 0x63, 0x2f, 0xa2, 0xff, 0xd9, 0x98, 0x31, 0x66, 0xdc, 0xac, 0x06, 0x61, 0x13, 0x0f, 0x05, - 0x50, 0xa5, 0x33, 0x2a, 0x19, 0xaf, 0x30, 0xf9, 0xe7, 0x8f, 0x26, 0xbf, 0xe8, 0x54, 0x3a, 0x59, - 0x75, 0xef, 0xd3, 0x7f, 0x09, 0xe6, 0x6c, 0xd0, 0xe7, 0x2d, 0x18, 0x17, 0x33, 0x1e, 0x13, 0xde, - 0xa1, 0xb7, 0x36, 0xbc, 0x94, 0xf8, 0x5e, 0x92, 0x8e, 0x57, 0x99, 0x0c, 0x53, 0x83, 0x8d, 0xad, - 0xb9, 0x38, 0xec, 0x44, 0xd7, 0xbc, 0xa0, 0xd9, 0xb8, 0x20, 0x38, 0x8d, 0xcf, 0xf4, 0x21, 0x8c, - 0xfb, 0xb2, 0x44, 0x5f, 0xb1, 0xe0, 0x7c, 0xe0, 0xb4, 0x49, 0x12, 0x39, 0xf4, 0xd3, 0x72, 0x70, - 0xc3, 0x77, 0xdc, 0x4d, 0x26, 0xd1, 0xd0, 0xe1, 0x24, 0xb2, 0x85, 0x44, 0xe7, 0xaf, 0xf7, 0x25, - 0x8d, 0xef, 0xc1, 0x16, 0x7d, 0xc3, 0x82, 0xb1, 0x30, 0x8e, 0x36, 0x9c, 0x80, 0x34, 0x25, 0x34, - 0x19, 0x1f, 0x66, 0x53, 0xef, 0x23, 0x47, 0xfb, 0x44, 0x4b, 0x79, 0xb2, 0x8b, 0x61, 0xe0, 0xa5, - 0x61, 0xbc, 0x42, 0xd2, 0xd4, 0x0b, 0x5a, 0x49, 0xe3, 0xdc, 0xde, 0xee, 0xc4, 0x58, 0x17, 0x16, - 0xee, 0x96, 0x07, 0xfd, 0x04, 0x8c, 0x24, 0x3b, 0x81, 0x7b, 0xcb, 0x0b, 0x9a, 0xe1, 0x9d, 0x64, - 0xbc, 0x56, 0xc4, 0xf4, 0x5d, 0x51, 0x04, 0xc5, 0x04, 0xd4, 0x0c, 0xb0, 0xc9, 0xad, 0xf7, 0x87, - 0xd3, 0x43, 0xa9, 0x5e, 0xf4, 0x87, 0xd3, 0x83, 0xe9, 0x1e, 0x6c, 0xd1, 0xcf, 0x59, 0x70, 0x22, - 0xf1, 0x5a, 0x81, 0x93, 0x76, 0x62, 0x72, 0x8d, 0xec, 0x24, 0xe3, 0xc0, 0x04, 0xb9, 0x7a, 0xc4, - 0x5e, 0x31, 0x48, 0x36, 0xce, 0x09, 0x19, 0x4f, 0x98, 0xad, 0x09, 0xce, 0xf2, 0xed, 0x35, 0xd1, - 0xf4, 0xb0, 0x1e, 0x29, 0x76, 0xa2, 0xe9, 0x41, 0xdd, 0x97, 0x25, 0xfa, 0x31, 0x38, 0xcd, 0x9b, - 0x54, 0xcf, 0x26, 0xe3, 0xa3, 0x4c, 0xd1, 0x9e, 0xdd, 0xdb, 0x9d, 0x38, 0xbd, 0x92, 0x83, 0xe1, - 0x2e, 0x6c, 0xf4, 0x06, 0x4c, 0x44, 0x24, 0x6e, 0x7b, 0xe9, 0x52, 0xe0, 0xef, 0x48, 0xf5, 0xed, - 0x86, 0x11, 0x69, 0x0a, 0x71, 0x92, 0xf1, 0x13, 0x17, 0xac, 0x67, 0x6a, 0x8d, 0x77, 0x09, 0x31, - 0x27, 0x96, 0xef, 0x8d, 0x8e, 0xf7, 0xa3, 0x67, 0xff, 0xf3, 0x12, 0x9c, 0xce, 0x2f, 0x9c, 0xe8, - 0x6f, 0x5a, 0x70, 0xea, 0xf6, 0x9d, 0x74, 0x35, 0xdc, 0x24, 0x41, 0xd2, 0xd8, 0xa1, 0xea, 0x8d, - 0x2d, 0x19, 0x23, 0x17, 0xdd, 0x62, 0x97, 0xe8, 0xc9, 0xab, 0x59, 0x2e, 0x97, 0x82, 0x34, 0xde, - 0x69, 0x3c, 0x2a, 0xde, 0xee, 0xd4, 0xd5, 0x5b, 0xab, 0x26, 0x14, 0xe7, 0x85, 0x3a, 0xff, 0x59, - 0x0b, 0xce, 0xf6, 0x22, 0x81, 0x4e, 0x43, 0x79, 0x93, 0xec, 0x70, 0xab, 0x0c, 0xd3, 0x9f, 0xe8, - 0x35, 0xa8, 0x6e, 0x39, 0x7e, 0x87, 0x08, 0xeb, 0x66, 0xee, 0x68, 0x2f, 0xa2, 0x24, 0xc3, 0x9c, - 0xea, 0x0f, 0x97, 0x5e, 0xb2, 0xec, 0x7f, 0x55, 0x86, 0x11, 0x63, 0x7d, 0xbb, 0x0f, 0x16, 0x5b, - 0x98, 0xb1, 0xd8, 0x16, 0x0b, 0x5b, 0x9a, 0xfb, 0x9a, 0x6c, 0x77, 0x72, 0x26, 0xdb, 0x52, 0x71, - 0x2c, 0xef, 0x69, 0xb3, 0xa1, 0x14, 0xea, 0x61, 0x44, 0x2d, 0x72, 0xba, 0xf4, 0x57, 0x8a, 0xf8, - 0x84, 0x4b, 0x92, 0x5c, 0xe3, 0xc4, 0xde, 0xee, 0x44, 0x5d, 0xfd, 0xc5, 0x9a, 0x91, 0xfd, 0x6d, - 0x0b, 0xce, 0x1a, 0x32, 0xce, 0x84, 0x41, 0xd3, 0x63, 0x9f, 0xf6, 0x02, 0x54, 0xd2, 0x9d, 0x48, - 0x9a, 0xfd, 0xaa, 0xa7, 0x56, 0x77, 0x22, 0x82, 0x19, 0x84, 0x1a, 0xfa, 0x6d, 0x92, 0x24, 0x4e, - 0x8b, 0xe4, 0x0d, 0xfd, 0x45, 0xde, 0x8c, 0x25, 0x1c, 0xc5, 0x80, 0x7c, 0x27, 0x49, 0x57, 0x63, - 0x27, 0x48, 0x18, 0xf9, 0x55, 0xaf, 0x4d, 0x44, 0x07, 0xff, 0x99, 0xc1, 0x46, 0x0c, 0x7d, 0xa2, - 0xf1, 0xc8, 0xde, 0xee, 0x04, 0x5a, 0xe8, 0xa2, 0x84, 0x7b, 0x50, 0xb7, 0xbf, 0x62, 0xc1, 0x23, - 0xbd, 0x6d, 0x31, 0xf4, 0x34, 0x0c, 0xf1, 0x2d, 0x9f, 0x78, 0x3b, 0xfd, 0x49, 0x58, 0x2b, 0x16, - 0x50, 0x34, 0x05, 0x75, 0xb5, 0x4e, 0x88, 0x77, 0x1c, 0x13, 0xa8, 0x75, 0xbd, 0xb8, 0x68, 0x1c, - 0xda, 0x69, 0xf4, 0x8f, 0xb0, 0xdc, 0x54, 0xa7, 0xb1, 0x4d, 0x12, 0x83, 0xd8, 0xff, 0xde, 0x82, - 0x53, 0x86, 0x54, 0xf7, 0xc1, 0x34, 0x0f, 0xb2, 0xa6, 0xf9, 0x7c, 0x61, 0xe3, 0xb9, 0x8f, 0x6d, - 0xfe, 0x79, 0x0b, 0xce, 0x1b, 0x58, 0x8b, 0x4e, 0xea, 0x6e, 0x5c, 0xda, 0x8e, 0x62, 0x92, 0xd0, - 0xed, 0x34, 0x7a, 0xc2, 0xd0, 0x5b, 0x8d, 0x11, 0x41, 0xa1, 0x7c, 0x8d, 0xec, 0x70, 0x25, 0xf6, - 0x2c, 0xd4, 0xf8, 0xe0, 0x0c, 0x63, 0xd1, 0xe3, 0xea, 0xdd, 0x96, 0x44, 0x3b, 0x56, 0x18, 0xc8, - 0x86, 0x21, 0xa6, 0x9c, 0xe8, 0x64, 0xa5, 0xcb, 0x10, 0xd0, 0x8f, 0x78, 0x93, 0xb5, 0x60, 0x01, - 0xb1, 0x97, 0x32, 0xe2, 0x2c, 0xc7, 0x84, 0x7d, 0xdc, 0xe6, 0x65, 0x8f, 0xf8, 0xcd, 0x84, 0x6e, - 0x1b, 0x9c, 0x20, 0x08, 0x53, 0xb1, 0x03, 0x30, 0xb6, 0x0d, 0xd3, 0xba, 0x19, 0x9b, 0x38, 0xf6, - 0x5e, 0x89, 0x6d, 0x3e, 0xd4, 0xb4, 0x26, 0xf7, 0x63, 0xe7, 0x1a, 0x67, 0xf4, 0xe0, 0x72, 0x71, - 0x4a, 0x89, 0xf4, 0xdf, 0xbd, 0xbe, 0x99, 0x53, 0x85, 0xb8, 0x50, 0xae, 0xf7, 0xde, 0xc1, 0xfe, - 0x56, 0x09, 0x26, 0xb2, 0x0f, 0x74, 0x69, 0x52, 0xba, 0x5d, 0x32, 0x18, 0xe5, 0x1d, 0x14, 0x06, - 0x3e, 0x36, 0xf1, 0xfa, 0x28, 0xa3, 0xd2, 0x71, 0x2a, 0x23, 0x53, 0x57, 0x96, 0xf7, 0xd1, 0x95, - 0x4f, 0xab, 0x5e, 0xaf, 0xe4, 0x94, 0x53, 0x76, 0xbd, 0xb8, 0x00, 0x95, 0x24, 0x25, 0xd1, 0x78, - 0x35, 0xab, 0x6b, 0x56, 0x52, 0x12, 0x61, 0x06, 0xb1, 0xff, 0x4b, 0x09, 0x1e, 0xcd, 0xf6, 0xa1, - 0x56, 0xef, 0x1f, 0xc8, 0xa8, 0xf7, 0xf7, 0x98, 0xea, 0xfd, 0xee, 0xee, 0xc4, 0x3b, 0xfb, 0x3c, - 0xf6, 0x3d, 0xa3, 0xfd, 0xd1, 0x5c, 0xae, 0x17, 0xa7, 0xb2, 0xbd, 0x78, 0x77, 0x77, 0xe2, 0x89, - 0x3e, 0xef, 0x98, 0xeb, 0xe6, 0xa7, 0x61, 0x28, 0x26, 0x4e, 0x12, 0x06, 0xa2, 0xa3, 0xd5, 0xe7, - 0xc0, 0xac, 0x15, 0x0b, 0xa8, 0xfd, 0xaf, 0xeb, 0xf9, 0xce, 0x9e, 0xe3, 0x0e, 0xb6, 0x30, 0x46, - 0x1e, 0x54, 0x98, 0xc9, 0xce, 0x55, 0xc3, 0xb5, 0xa3, 0x4d, 0x23, 0xaa, 0xe2, 0x15, 0xe9, 0x46, - 0x8d, 0x7e, 0x35, 0xda, 0x84, 0x19, 0x0b, 0xb4, 0x0d, 0x35, 0x57, 0x5a, 0xd2, 0xa5, 0x22, 0x7c, - 0x4e, 0xc2, 0x8e, 0xd6, 0x1c, 0x47, 0xa9, 0x2e, 0x56, 0xe6, 0xb7, 0xe2, 0x86, 0x08, 0x94, 0x5b, - 0x5e, 0x2a, 0x3e, 0xeb, 0x11, 0xf7, 0x4a, 0x73, 0x9e, 0xf1, 0x8a, 0xc3, 0x74, 0x81, 0x98, 0xf3, - 0x52, 0x4c, 0xe9, 0xa3, 0x9f, 0xb1, 0x60, 0x24, 0x71, 0xdb, 0xcb, 0x71, 0xb8, 0xe5, 0x35, 0x49, - 0x2c, 0x2c, 0xa5, 0x23, 0xaa, 0xa6, 0x95, 0x99, 0x45, 0x49, 0x50, 0xf3, 0xe5, 0x7b, 0x57, 0x0d, - 0xc1, 0x26, 0x5f, 0xba, 0x83, 0x78, 0x54, 0xbc, 0xfb, 0x2c, 0x71, 0x3d, 0xba, 0xb6, 0xc9, 0x0d, - 0x13, 0x1b, 0x29, 0x47, 0xb6, 0x1c, 0x67, 0x3b, 0xee, 0x26, 0x9d, 0x6f, 0x5a, 0xa0, 0x77, 0xee, - 0xed, 0x4e, 0x3c, 0x3a, 0xd3, 0x9b, 0x27, 0xee, 0x27, 0x0c, 0xeb, 0xb0, 0xa8, 0xe3, 0xfb, 0x98, - 0xbc, 0xd1, 0x21, 0xcc, 0x1d, 0x52, 0x40, 0x87, 0x2d, 0x6b, 0x82, 0xb9, 0x0e, 0x33, 0x20, 0xd8, - 0xe4, 0x8b, 0xde, 0x80, 0xa1, 0xb6, 0x93, 0xc6, 0xde, 0xb6, 0xf0, 0x81, 0x1c, 0xd1, 0x96, 0x5f, - 0x64, 0xb4, 0x34, 0x73, 0xb6, 0xf4, 0xf3, 0x46, 0x2c, 0x18, 0xa1, 0x36, 0x54, 0xdb, 0x24, 0x6e, - 0x91, 0xf1, 0x5a, 0x11, 0xfe, 0xde, 0x45, 0x4a, 0x4a, 0x33, 0xac, 0x53, 0xcb, 0x87, 0xb5, 0x61, - 0xce, 0x05, 0xbd, 0x06, 0xb5, 0x84, 0xf8, 0xc4, 0xa5, 0xb6, 0x4b, 0x9d, 0x71, 0x7c, 0xef, 0x80, - 0x76, 0x9c, 0xb3, 0x46, 0xfc, 0x15, 0xf1, 0x28, 0x9f, 0x60, 0xf2, 0x1f, 0x56, 0x24, 0x69, 0x07, - 0x46, 0x7e, 0xa7, 0xe5, 0x05, 0xe3, 0x50, 0x44, 0x07, 0x2e, 0x33, 0x5a, 0xb9, 0x0e, 0xe4, 0x8d, - 0x58, 0x30, 0xb2, 0xff, 0xa3, 0x05, 0x28, 0xab, 0xd4, 0xee, 0x83, 0xc1, 0xfa, 0x46, 0xd6, 0x60, - 0x5d, 0x28, 0xd2, 0xea, 0xe8, 0x63, 0xb3, 0xfe, 0x46, 0x1d, 0x72, 0xcb, 0xc1, 0x75, 0x92, 0xa4, - 0xa4, 0xf9, 0xb6, 0x0a, 0x7f, 0x5b, 0x85, 0xbf, 0xad, 0xc2, 0x95, 0x0a, 0x5f, 0xcb, 0xa9, 0xf0, - 0xf7, 0x1b, 0xb3, 0x5e, 0x1f, 0x98, 0xbe, 0xae, 0x4e, 0x54, 0x4d, 0x09, 0x0c, 0x04, 0xaa, 0x09, - 0xae, 0xae, 0x2c, 0x5d, 0xef, 0xa9, 0xb3, 0x5f, 0xcf, 0xea, 0xec, 0xa3, 0xb2, 0xf8, 0xd3, 0xa0, - 0xa5, 0xff, 0x6a, 0x09, 0x1e, 0xcb, 0x6a, 0x2f, 0x1c, 0xfa, 0x7e, 0xd8, 0x49, 0xe9, 0x5e, 0x00, - 0xfd, 0xa2, 0x05, 0xa7, 0xdb, 0xd9, 0x4d, 0x78, 0x22, 0x7c, 0x9d, 0x1f, 0x2c, 0x4c, 0xb5, 0xe6, - 0x76, 0xf9, 0x8d, 0x71, 0xa1, 0x66, 0x4f, 0xe7, 0x00, 0x09, 0xee, 0x92, 0x05, 0xbd, 0x06, 0xf5, - 0xb6, 0xb3, 0x7d, 0x23, 0x6a, 0x3a, 0xa9, 0xdc, 0x86, 0xf5, 0xdf, 0x3d, 0x77, 0x52, 0xcf, 0x9f, - 0xe4, 0x27, 0xd8, 0x93, 0xf3, 0x41, 0xba, 0x14, 0xaf, 0xa4, 0xb1, 0x17, 0xb4, 0xb8, 0x87, 0x6b, - 0x51, 0x92, 0xc1, 0x9a, 0xa2, 0xfd, 0x35, 0x2b, 0xaf, 0xdb, 0x55, 0xef, 0xc4, 0x4e, 0x4a, 0x5a, - 0x3b, 0xe8, 0x63, 0x50, 0xa5, 0xfb, 0x25, 0xd9, 0x2b, 0xb7, 0x8a, 0x5c, 0x70, 0x8c, 0x2f, 0xa1, - 0xd7, 0x1e, 0xfa, 0x2f, 0xc1, 0x9c, 0xa9, 0xfd, 0x95, 0xe1, 0xfc, 0x1a, 0xcb, 0xce, 0x33, 0x2f, - 0x02, 0xb4, 0xc2, 0x55, 0xd2, 0x8e, 0x7c, 0xda, 0x2d, 0x16, 0x73, 0x8a, 0x2b, 0x17, 0xc1, 0x9c, - 0x82, 0x60, 0x03, 0x0b, 0xfd, 0x79, 0x0b, 0xa0, 0x25, 0x87, 0x8a, 0x5c, 0x3f, 0x6f, 0x14, 0xf9, - 0x3a, 0x7a, 0x20, 0x6a, 0x59, 0x14, 0x43, 0x6c, 0x30, 0x47, 0x3f, 0x65, 0x41, 0x2d, 0x95, 0xe2, - 0xf3, 0x15, 0x65, 0xb5, 0x48, 0x49, 0xe4, 0x4b, 0x6b, 0x53, 0x42, 0x75, 0x89, 0xe2, 0x8b, 0x7e, - 0xd6, 0x02, 0x48, 0x76, 0x02, 0x77, 0x39, 0xf4, 0x3d, 0x77, 0x47, 0x2c, 0x34, 0x37, 0x0b, 0x75, - 0x63, 0x28, 0xea, 0x8d, 0x93, 0xb4, 0x37, 0xf4, 0x7f, 0x6c, 0x70, 0x46, 0x9f, 0x80, 0x5a, 0x22, - 0x86, 0x9b, 0x58, 0x5a, 0x56, 0x8b, 0x75, 0xa6, 0x70, 0xda, 0x42, 0x2b, 0x89, 0x7f, 0x58, 0xf1, - 0x44, 0x3f, 0x6f, 0xc1, 0xa9, 0x28, 0xeb, 0xfa, 0x12, 0xab, 0x48, 0x71, 0x3a, 0x20, 0xe7, 0x5a, - 0x6b, 0x9c, 0xd9, 0xdb, 0x9d, 0x38, 0x95, 0x6b, 0xc4, 0x79, 0x29, 0xd0, 0x0c, 0x8c, 0xe9, 0x11, - 0xbc, 0x14, 0x71, 0x37, 0xdc, 0x30, 0x73, 0xc3, 0xb1, 0x53, 0xcc, 0xb9, 0x3c, 0x10, 0x77, 0xe3, - 0xa3, 0x65, 0x38, 0x4b, 0xa5, 0xdb, 0xe1, 0x56, 0x9b, 0xd4, 0xca, 0x09, 0x5b, 0x43, 0x6a, 0x8d, - 0xc7, 0xc5, 0x08, 0x61, 0x8e, 0xee, 0x3c, 0x0e, 0xee, 0xf9, 0xa4, 0xfd, 0xad, 0x52, 0xc6, 0x2f, - 0xae, 0x1c, 0x56, 0x6c, 0x8e, 0xb9, 0xd2, 0x57, 0x20, 0x55, 0x46, 0xa1, 0x73, 0x4c, 0x79, 0x22, - 0xf4, 0x1c, 0x53, 0x4d, 0x09, 0x36, 0x98, 0x53, 0x03, 0x66, 0xcc, 0xc9, 0xbb, 0xc5, 0xc4, 0xb4, - 0x7f, 0xad, 0x48, 0x91, 0xba, 0x4f, 0x31, 0x1e, 0x13, 0xa2, 0x8d, 0x75, 0x81, 0x70, 0xb7, 0x48, - 0xf6, 0xb7, 0xb2, 0xbe, 0x78, 0x63, 0xc4, 0x0e, 0x70, 0xce, 0xf0, 0x05, 0x0b, 0x46, 0xe2, 0xd0, - 0xf7, 0xbd, 0xa0, 0x45, 0x67, 0x97, 0x58, 0x22, 0x3e, 0x7c, 0x2c, 0x5a, 0x5a, 0x4c, 0x23, 0x66, - 0x06, 0x61, 0xcd, 0x13, 0x9b, 0x02, 0xd8, 0x7f, 0x64, 0xc1, 0x78, 0x3f, 0x2d, 0x80, 0x08, 0xbc, - 0x53, 0x0e, 0x71, 0x75, 0xca, 0xbe, 0x14, 0xcc, 0x12, 0x9f, 0x28, 0x27, 0x65, 0xad, 0xf1, 0x94, - 0x78, 0xcd, 0x77, 0x2e, 0xf7, 0x47, 0xc5, 0xf7, 0xa2, 0x83, 0x5e, 0x85, 0xd3, 0xc6, 0x7b, 0x25, - 0xaa, 0x63, 0xea, 0x8d, 0x49, 0xba, 0xec, 0x4e, 0xe7, 0x60, 0x77, 0x77, 0x27, 0x1e, 0xc9, 0xb7, - 0x09, 0x35, 0xd5, 0x45, 0xc7, 0xfe, 0x95, 0x52, 0xfe, 0x6b, 0xa9, 0x15, 0xe6, 0xab, 0x56, 0xd7, - 0xd6, 0xef, 0x83, 0xc7, 0xa1, 0xd5, 0xd9, 0x26, 0x51, 0x1d, 0xe4, 0xf7, 0xc7, 0x79, 0x80, 0x27, - 0x85, 0xf6, 0xbf, 0xa8, 0xc0, 0x3d, 0x24, 0x53, 0x67, 0x41, 0x56, 0xbf, 0xb3, 0xa0, 0x83, 0x1f, - 0x2f, 0x7d, 0xce, 0x82, 0x21, 0x9f, 0x5a, 0xa1, 0xfc, 0xbc, 0x63, 0xe4, 0x62, 0xf3, 0xb8, 0xfa, - 0x9e, 0x1b, 0xbb, 0x09, 0x3f, 0xad, 0x56, 0x2e, 0x4f, 0xde, 0x88, 0x85, 0x0c, 0xe8, 0xeb, 0x56, - 0xf6, 0xf0, 0x84, 0x87, 0x1f, 0x79, 0xc7, 0x26, 0x93, 0x71, 0x22, 0xc3, 0x05, 0xd3, 0xbe, 0xfe, - 0x3e, 0x67, 0x35, 0x68, 0x12, 0x60, 0xdd, 0x0b, 0x1c, 0xdf, 0x7b, 0x93, 0xee, 0xa6, 0xab, 0x6c, - 0x59, 0x61, 0xeb, 0xf4, 0x65, 0xd5, 0x8a, 0x0d, 0x8c, 0xf3, 0x7f, 0x0e, 0x46, 0x8c, 0x37, 0xef, - 0x71, 0xc8, 0x7e, 0xd6, 0x3c, 0x64, 0xaf, 0x1b, 0x67, 0xe3, 0xe7, 0xdf, 0x0f, 0xa7, 0xf3, 0x02, - 0x1e, 0xe4, 0x79, 0xfb, 0x7f, 0x0e, 0xe7, 0x4f, 0x3c, 0x56, 0x49, 0xdc, 0xa6, 0xa2, 0xbd, 0xed, - 0x85, 0x78, 0xdb, 0x0b, 0xf1, 0xb6, 0x17, 0xc2, 0x74, 0x24, 0x8b, 0x1d, 0xf6, 0xf0, 0x7d, 0xda, - 0x61, 0x67, 0x7c, 0x06, 0xb5, 0xc2, 0x7d, 0x06, 0xf6, 0x5e, 0x15, 0x32, 0x76, 0x14, 0xef, 0xef, - 0x77, 0xc3, 0x70, 0x4c, 0xa2, 0xf0, 0x06, 0x5e, 0x10, 0x6b, 0x88, 0x0e, 0xa4, 0xe6, 0xcd, 0x58, - 0xc2, 0xe9, 0x5a, 0x13, 0x39, 0xe9, 0x86, 0x58, 0x44, 0xd4, 0x5a, 0xb3, 0xec, 0xa4, 0x1b, 0x98, - 0x41, 0xd0, 0xfb, 0xe1, 0x64, 0xea, 0xc4, 0x2d, 0x92, 0x62, 0xb2, 0xc5, 0x3e, 0xab, 0x38, 0x17, - 0x7b, 0x44, 0xe0, 0x9e, 0x5c, 0xcd, 0x40, 0x71, 0x0e, 0x1b, 0xbd, 0x01, 0x95, 0x0d, 0xe2, 0xb7, - 0x45, 0x97, 0xaf, 0x14, 0xa7, 0xe3, 0xd9, 0xbb, 0x5e, 0x21, 0x7e, 0x9b, 0x6b, 0x20, 0xfa, 0x0b, - 0x33, 0x56, 0x74, 0xbc, 0xd5, 0x37, 0x3b, 0x49, 0x1a, 0xb6, 0xbd, 0x37, 0xa5, 0x3b, 0xe8, 0x83, - 0x05, 0x33, 0xbe, 0x26, 0xe9, 0x73, 0x07, 0x82, 0xfa, 0x8b, 0x35, 0x67, 0x26, 0x47, 0xd3, 0x8b, - 0xd9, 0xa7, 0xda, 0x11, 0x5e, 0x9d, 0xa2, 0xe5, 0x98, 0x95, 0xf4, 0xb9, 0x1c, 0xea, 0x2f, 0xd6, - 0x9c, 0xd1, 0x8e, 0x1a, 0xf7, 0x23, 0x4c, 0x86, 0x1b, 0x05, 0xcb, 0xc0, 0xc7, 0x7c, 0xcf, 0xf1, - 0xff, 0x14, 0x54, 0xdd, 0x0d, 0x27, 0x4e, 0xc7, 0x47, 0xd9, 0xa0, 0x51, 0x8e, 0x8c, 0x19, 0xda, - 0x88, 0x39, 0x0c, 0x3d, 0x01, 0xe5, 0x98, 0xac, 0xb3, 0xf8, 0x3d, 0x23, 0xb2, 0x03, 0x93, 0x75, - 0x4c, 0xdb, 0xed, 0x5f, 0x2a, 0x65, 0xcd, 0xa5, 0xec, 0x7b, 0xf3, 0xd1, 0xee, 0x76, 0xe2, 0x44, - 0x3a, 0x3b, 0x8c, 0xd1, 0xce, 0x9a, 0xb1, 0x84, 0xa3, 0x4f, 0x59, 0x30, 0x7c, 0x3b, 0x09, 0x83, - 0x80, 0xa4, 0x62, 0x69, 0xba, 0x59, 0x70, 0x57, 0x5c, 0xe5, 0xd4, 0xb5, 0x0c, 0xa2, 0x01, 0x4b, - 0xbe, 0x54, 0x5c, 0xb2, 0xed, 0xfa, 0x9d, 0x66, 0xd7, 0x81, 0xfe, 0x25, 0xde, 0x8c, 0x25, 0x9c, - 0xa2, 0x7a, 0x01, 0x47, 0xad, 0x64, 0x51, 0xe7, 0x03, 0x81, 0x2a, 0xe0, 0xf6, 0x5f, 0x1e, 0x82, - 0x73, 0x3d, 0x27, 0x07, 0x35, 0x64, 0x98, 0xa9, 0x70, 0xd9, 0xf3, 0x89, 0x0c, 0x53, 0x61, 0x86, - 0xcc, 0x4d, 0xd5, 0x8a, 0x0d, 0x0c, 0xf4, 0x93, 0x00, 0x91, 0x13, 0x3b, 0x6d, 0x22, 0x16, 0xf0, - 0xf2, 0xd1, 0xed, 0x05, 0x2a, 0xc7, 0xb2, 0xa4, 0xa9, 0xf7, 0xa6, 0xaa, 0x29, 0xc1, 0x06, 0x4b, - 0xf4, 0x22, 0x8c, 0xc4, 0xc4, 0x27, 0x4e, 0xc2, 0xc2, 0x3f, 0xf3, 0xb1, 0xec, 0x58, 0x83, 0xb0, - 0x89, 0x87, 0x9e, 0x56, 0x11, 0x3d, 0xb9, 0xe8, 0x87, 0x6c, 0x54, 0x0f, 0xfa, 0xa2, 0x05, 0x27, - 0xd7, 0x3d, 0x9f, 0x68, 0xee, 0x22, 0xf2, 0x7c, 0xe9, 0xe8, 0x2f, 0x79, 0xd9, 0xa4, 0xab, 0x35, - 0x64, 0xa6, 0x39, 0xc1, 0x39, 0xf6, 0xf4, 0x33, 0x6f, 0x91, 0x98, 0xa9, 0xd6, 0xa1, 0xec, 0x67, - 0xbe, 0xc9, 0x9b, 0xb1, 0x84, 0xa3, 0x69, 0x38, 0x15, 0x39, 0x49, 0x32, 0x13, 0x93, 0x26, 0x09, - 0x52, 0xcf, 0xf1, 0x79, 0x5c, 0x78, 0x4d, 0xc7, 0x85, 0x2e, 0x67, 0xc1, 0x38, 0x8f, 0x8f, 0x3e, - 0x04, 0x8f, 0x7a, 0xad, 0x20, 0x8c, 0xc9, 0xa2, 0x97, 0x24, 0x5e, 0xd0, 0xd2, 0xc3, 0x40, 0x38, - 0x3d, 0x26, 0x04, 0xa9, 0x47, 0xe7, 0x7b, 0xa3, 0xe1, 0x7e, 0xcf, 0xa3, 0x67, 0xa1, 0x96, 0x6c, - 0x7a, 0xd1, 0x4c, 0xdc, 0x4c, 0x98, 0x83, 0xbc, 0xa6, 0x5d, 0x6c, 0x2b, 0xa2, 0x1d, 0x2b, 0x0c, - 0xe4, 0xc2, 0x28, 0xff, 0x24, 0x3c, 0x6c, 0x49, 0xe8, 0xc7, 0xe7, 0xfa, 0x2e, 0x8f, 0x22, 0x75, - 0x69, 0x12, 0x3b, 0x77, 0x2e, 0x49, 0x77, 0x7d, 0xe3, 0xf4, 0xde, 0xee, 0xc4, 0xe8, 0x4d, 0x83, - 0x0c, 0xce, 0x10, 0xb5, 0x7f, 0xa1, 0x94, 0xdd, 0x71, 0x9b, 0x93, 0x14, 0x25, 0x74, 0x2a, 0xa6, - 0x37, 0x9d, 0x58, 0x7a, 0x63, 0x8e, 0x18, 0xbe, 0x2e, 0xe8, 0xde, 0x74, 0x62, 0x73, 0x52, 0x33, - 0x06, 0x58, 0x72, 0x42, 0xb7, 0xa1, 0x92, 0xfa, 0x4e, 0x41, 0xf9, 0x2e, 0x06, 0x47, 0xed, 0x00, - 0x59, 0x98, 0x4e, 0x30, 0xe3, 0x81, 0x1e, 0xa7, 0x56, 0xff, 0x9a, 0x8c, 0x71, 0x13, 0x86, 0xfa, - 0x5a, 0x82, 0x59, 0xab, 0xfd, 0xff, 0x6a, 0x3d, 0xf4, 0xaa, 0x5a, 0xc8, 0xd0, 0x45, 0x00, 0xba, - 0x81, 0x5c, 0x8e, 0xc9, 0xba, 0xb7, 0x2d, 0x0c, 0x09, 0x35, 0x77, 0xaf, 0x2b, 0x08, 0x36, 0xb0, - 0xe4, 0x33, 0x2b, 0x9d, 0x75, 0xfa, 0x4c, 0xa9, 0xfb, 0x19, 0x0e, 0xc1, 0x06, 0x16, 0x7a, 0x01, - 0x86, 0xbc, 0xb6, 0xd3, 0x52, 0xa1, 0x78, 0x8f, 0xd3, 0x49, 0x3b, 0xcf, 0x5a, 0xee, 0xee, 0x4e, - 0x9c, 0x54, 0x02, 0xb1, 0x26, 0x2c, 0x70, 0xd1, 0xaf, 0x58, 0x30, 0xea, 0x86, 0xed, 0x76, 0x18, - 0xf0, 0x6d, 0x97, 0xd8, 0x43, 0xde, 0x3e, 0xae, 0x65, 0x7e, 0x72, 0xc6, 0x60, 0xc6, 0x37, 0x91, - 0x2a, 0x31, 0xc7, 0x04, 0xe1, 0x8c, 0x54, 0xe6, 0xdc, 0xae, 0xee, 0x33, 0xb7, 0x7f, 0xdd, 0x82, - 0x31, 0xfe, 0xac, 0xb1, 0x1b, 0x14, 0x39, 0x28, 0xe1, 0x31, 0xbf, 0x56, 0xd7, 0x06, 0x59, 0x79, - 0xe9, 0xba, 0xe0, 0xb8, 0x5b, 0x48, 0x34, 0x07, 0x63, 0xeb, 0x61, 0xec, 0x12, 0xb3, 0x23, 0x84, - 0x62, 0x52, 0x84, 0x2e, 0xe7, 0x11, 0x70, 0xf7, 0x33, 0xe8, 0x26, 0x3c, 0x62, 0x34, 0x9a, 0xfd, - 0xc0, 0x75, 0xd3, 0x93, 0x82, 0xda, 0x23, 0x97, 0x7b, 0x62, 0xe1, 0x3e, 0x4f, 0x67, 0x1d, 0x26, - 0xf5, 0x01, 0x1c, 0x26, 0xaf, 0xc3, 0x63, 0x6e, 0x77, 0xcf, 0x6c, 0x25, 0x9d, 0xb5, 0x84, 0x6b, - 0xaa, 0x5a, 0xe3, 0x07, 0x04, 0x81, 0xc7, 0x66, 0xfa, 0x21, 0xe2, 0xfe, 0x34, 0xd0, 0xc7, 0xa0, - 0x16, 0x13, 0xf6, 0x55, 0x12, 0x91, 0x90, 0x71, 0xc4, 0x5d, 0xb2, 0xb6, 0x40, 0x39, 0x59, 0xad, - 0x7b, 0x45, 0x43, 0x82, 0x15, 0xc7, 0xf3, 0x1f, 0x80, 0xb1, 0xae, 0xf1, 0x7c, 0x20, 0x9f, 0xc5, - 0x2c, 0x3c, 0xd2, 0x7b, 0xe4, 0x1c, 0xc8, 0x73, 0xf1, 0x0f, 0x72, 0x71, 0x86, 0x86, 0x35, 0x39, - 0x80, 0x17, 0xcc, 0x81, 0x32, 0x09, 0xb6, 0x84, 0x22, 0xbd, 0x7c, 0xb4, 0xde, 0xbb, 0x14, 0x6c, - 0xf1, 0x81, 0xcf, 0xb6, 0xfa, 0x97, 0x82, 0x2d, 0x4c, 0x69, 0xa3, 0x2f, 0x5b, 0x19, 0x6b, 0x88, - 0xfb, 0xce, 0x3e, 0x72, 0x2c, 0xe6, 0xf3, 0xc0, 0x06, 0x92, 0xfd, 0x2f, 0x4b, 0x70, 0x61, 0x3f, - 0x22, 0x03, 0x74, 0xdf, 0x53, 0x30, 0x94, 0xb0, 0x23, 0x50, 0xa1, 0x99, 0x46, 0xa8, 0x56, 0xe2, - 0x87, 0xa2, 0xaf, 0x63, 0x01, 0x42, 0x3e, 0x94, 0xdb, 0x4e, 0x24, 0x5c, 0x2a, 0xf3, 0x47, 0xcd, - 0x2a, 0xa0, 0xff, 0x1d, 0x7f, 0xd1, 0x89, 0xf8, 0x46, 0xdd, 0x68, 0xc0, 0x94, 0x0d, 0x4a, 0xa1, - 0xea, 0xc4, 0xb1, 0x23, 0xcf, 0xdb, 0xae, 0x15, 0xc3, 0x6f, 0x9a, 0x92, 0x6c, 0x8c, 0xed, 0xed, - 0x4e, 0x9c, 0xc8, 0x34, 0x61, 0xce, 0xcc, 0xfe, 0xdc, 0x70, 0x26, 0xb2, 0x9e, 0x1d, 0xa2, 0x26, - 0x30, 0x24, 0x3c, 0x29, 0x56, 0xd1, 0xc9, 0x1c, 0x3c, 0x35, 0x8a, 0x6d, 0x96, 0x44, 0x82, 0xa9, - 0x60, 0x85, 0x3e, 0x6b, 0xb1, 0x34, 0x4e, 0x99, 0x6d, 0x20, 0xb6, 0x28, 0xc7, 0x93, 0x55, 0x6a, - 0x26, 0x87, 0xca, 0x46, 0x6c, 0x72, 0xa7, 0x4b, 0x57, 0xc4, 0x13, 0x92, 0xf2, 0x1b, 0x15, 0x99, - 0xe8, 0x29, 0xe1, 0x68, 0xbb, 0xc7, 0x61, 0x69, 0x01, 0xa9, 0x80, 0x03, 0x1c, 0x8f, 0x7e, 0xdd, - 0x82, 0x31, 0x6e, 0x8e, 0xce, 0x7a, 0xeb, 0xeb, 0x24, 0x26, 0x81, 0x4b, 0xa4, 0x41, 0x7f, 0xc4, - 0xe3, 0x78, 0xe9, 0xbe, 0x9a, 0xcf, 0x93, 0xd7, 0x6b, 0x5a, 0x17, 0x08, 0x77, 0x0b, 0x83, 0x9a, - 0x50, 0xf1, 0x82, 0xf5, 0x50, 0xac, 0xe4, 0x8d, 0xa3, 0x09, 0x35, 0x1f, 0xac, 0x87, 0x7a, 0x36, - 0xd3, 0x7f, 0x98, 0x51, 0x47, 0x0b, 0x70, 0x36, 0x16, 0x2e, 0x97, 0x2b, 0x5e, 0x42, 0x37, 0xc6, - 0x0b, 0x5e, 0xdb, 0x4b, 0xd9, 0x2a, 0x5c, 0x6e, 0x8c, 0xef, 0xed, 0x4e, 0x9c, 0xc5, 0x3d, 0xe0, - 0xb8, 0xe7, 0x53, 0xe8, 0x4d, 0x18, 0x96, 0x79, 0xa7, 0xb5, 0x22, 0x36, 0x47, 0xdd, 0xe3, 0x5f, - 0x0d, 0xa6, 0x15, 0x91, 0x62, 0x2a, 0x19, 0xda, 0x5f, 0x1c, 0x81, 0xee, 0xb3, 0x41, 0xf4, 0x71, - 0xa8, 0xc7, 0x2a, 0x17, 0xd6, 0x2a, 0x22, 0xbe, 0x4f, 0x7e, 0x5f, 0x71, 0x2e, 0xa9, 0xec, 0x01, - 0x9d, 0xf5, 0xaa, 0x39, 0x52, 0xab, 0x3d, 0xd1, 0x47, 0x88, 0x05, 0x8c, 0x6d, 0xc1, 0x55, 0x1f, - 0x0f, 0xed, 0x04, 0x2e, 0x66, 0x3c, 0x50, 0x0c, 0x43, 0x1b, 0xc4, 0xf1, 0xd3, 0x8d, 0x62, 0x3c, - 0xd9, 0x57, 0x18, 0xad, 0x7c, 0xd6, 0x04, 0x6f, 0xc5, 0x82, 0x13, 0xda, 0x86, 0xe1, 0x0d, 0x3e, - 0x00, 0x84, 0x21, 0xbd, 0x78, 0xd4, 0xce, 0xcd, 0x8c, 0x2a, 0xfd, 0xb9, 0x45, 0x03, 0x96, 0xec, - 0x58, 0xa4, 0x85, 0x71, 0x2c, 0xce, 0xa7, 0x6e, 0x71, 0x09, 0x23, 0x83, 0x9f, 0x89, 0x7f, 0x14, - 0x46, 0x63, 0xe2, 0x86, 0x81, 0xeb, 0xf9, 0xa4, 0x39, 0x2d, 0xbd, 0xd4, 0x07, 0x49, 0x33, 0x60, - 0x9b, 0x51, 0x6c, 0xd0, 0xc0, 0x19, 0x8a, 0xe8, 0x33, 0x16, 0x9c, 0x54, 0x09, 0x74, 0xf4, 0x83, - 0x10, 0xe1, 0x15, 0x5d, 0x28, 0x28, 0x5d, 0x8f, 0xd1, 0x6c, 0xa0, 0xbd, 0xdd, 0x89, 0x93, 0xd9, - 0x36, 0x9c, 0xe3, 0x8b, 0x5e, 0x05, 0x08, 0xd7, 0x78, 0x38, 0xc5, 0x74, 0x2a, 0x5c, 0xa4, 0x07, - 0x79, 0xd5, 0x93, 0x3c, 0xdf, 0x48, 0x52, 0xc0, 0x06, 0x35, 0x74, 0x0d, 0x80, 0x4f, 0x9b, 0xd5, - 0x9d, 0x48, 0x5a, 0xdb, 0x32, 0x4f, 0x04, 0x56, 0x14, 0xe4, 0xee, 0xee, 0x44, 0xb7, 0xcb, 0x8a, - 0x9d, 0xde, 0x1b, 0x8f, 0xa3, 0x9f, 0x80, 0xe1, 0xa4, 0xd3, 0x6e, 0x3b, 0xca, 0x81, 0x5a, 0x60, - 0x06, 0x13, 0xa7, 0x6b, 0xa8, 0x22, 0xde, 0x80, 0x25, 0x47, 0x74, 0x9b, 0x2a, 0xd5, 0x44, 0xf8, - 0xd2, 0xd8, 0x2c, 0xe2, 0x36, 0xc1, 0x08, 0x7b, 0xa7, 0xf7, 0xc9, 0xe8, 0x10, 0xdc, 0x03, 0xe7, - 0xee, 0xee, 0xc4, 0x23, 0xd9, 0xf6, 0x85, 0x50, 0xe4, 0x14, 0xf5, 0xa4, 0x89, 0xae, 0xca, 0x32, - 0x14, 0xf4, 0xb5, 0x65, 0x76, 0xf4, 0x33, 0xba, 0x0c, 0x05, 0x6b, 0xee, 0xdf, 0x67, 0xe6, 0xc3, - 0x68, 0x11, 0xce, 0xb8, 0x61, 0x90, 0xc6, 0xa1, 0xef, 0xf3, 0xda, 0x2a, 0x7c, 0xe3, 0xc3, 0x1d, - 0xac, 0xef, 0x14, 0x62, 0x9f, 0x99, 0xe9, 0x46, 0xc1, 0xbd, 0x9e, 0xb3, 0x83, 0x6c, 0x9c, 0x99, - 0xe8, 0x9c, 0x17, 0x60, 0x94, 0x6c, 0xa7, 0x24, 0x0e, 0x1c, 0xff, 0x06, 0x5e, 0x90, 0xae, 0x45, - 0x36, 0x07, 0x2e, 0x19, 0xed, 0x38, 0x83, 0x85, 0x6c, 0xb5, 0xdb, 0x2f, 0xe9, 0xc4, 0x3b, 0xbe, - 0xdb, 0x97, 0x7b, 0x7b, 0xfb, 0x7f, 0x95, 0x32, 0x06, 0xd9, 0x6a, 0x4c, 0x08, 0x0a, 0xa1, 0x1a, - 0x84, 0x4d, 0xa5, 0xfb, 0xaf, 0x16, 0xa3, 0xfb, 0xaf, 0x87, 0x4d, 0xa3, 0x56, 0x05, 0xfd, 0x97, - 0x60, 0xce, 0x87, 0x25, 0xf3, 0xcb, 0xaa, 0x07, 0x0c, 0x20, 0x36, 0x1a, 0x45, 0x72, 0x56, 0xc9, - 0xfc, 0x4b, 0x26, 0x23, 0x9c, 0xe5, 0x8b, 0x36, 0xa1, 0xba, 0x11, 0x26, 0xa9, 0xdc, 0x7e, 0x1c, - 0x71, 0xa7, 0x73, 0x25, 0x4c, 0x52, 0x66, 0x45, 0xa8, 0xd7, 0xa6, 0x2d, 0x09, 0xe6, 0x3c, 0xec, - 0xff, 0x64, 0x65, 0x1c, 0xc9, 0xb7, 0x58, 0xcc, 0xe5, 0x16, 0x09, 0xe8, 0xb4, 0x36, 0xe3, 0x6d, - 0xfe, 0x6c, 0x2e, 0xf1, 0xeb, 0x5d, 0xfd, 0x2a, 0x07, 0xdd, 0xa1, 0x14, 0x26, 0x19, 0x09, 0x23, - 0x34, 0xe7, 0x93, 0x56, 0x36, 0x05, 0xaf, 0x54, 0xc4, 0x06, 0xc3, 0x4c, 0x31, 0xdd, 0x37, 0x9b, - 0xcf, 0xfe, 0xb2, 0x05, 0xc3, 0x0d, 0xc7, 0xdd, 0x0c, 0xd7, 0xd7, 0xd1, 0xb3, 0x50, 0x6b, 0x76, - 0x62, 0x33, 0x1b, 0x50, 0xed, 0x9e, 0x67, 0x45, 0x3b, 0x56, 0x18, 0x74, 0x0c, 0xaf, 0x3b, 0xae, - 0x4c, 0x34, 0x2d, 0xf3, 0x31, 0x7c, 0x99, 0xb5, 0x60, 0x01, 0x41, 0x2f, 0xc2, 0x48, 0xdb, 0xd9, - 0x96, 0x0f, 0xe7, 0xbd, 0xd8, 0x8b, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0x9f, 0x59, 0x30, 0xde, 0x70, - 0x12, 0xcf, 0x9d, 0xee, 0xa4, 0x1b, 0x0d, 0x2f, 0x5d, 0xeb, 0xb8, 0x9b, 0x24, 0xe5, 0xd9, 0xc5, - 0x54, 0xca, 0x4e, 0x42, 0xa7, 0x92, 0xda, 0xd7, 0x29, 0x29, 0x6f, 0x88, 0x76, 0xac, 0x30, 0xd0, - 0x9b, 0x30, 0x12, 0x39, 0x49, 0x72, 0x27, 0x8c, 0x9b, 0x98, 0xac, 0x17, 0x93, 0xdb, 0xbf, 0x42, - 0xdc, 0x98, 0xa4, 0x98, 0xac, 0x8b, 0x93, 0x56, 0x4d, 0x1f, 0x9b, 0xcc, 0xec, 0x2f, 0x58, 0xf0, - 0x58, 0x83, 0x38, 0x31, 0x89, 0x59, 0x29, 0x00, 0xf5, 0x22, 0x33, 0x7e, 0xd8, 0x69, 0xa2, 0x37, - 0xa0, 0x96, 0xd2, 0x66, 0x2a, 0x96, 0x55, 0xac, 0x58, 0xec, 0xa0, 0x74, 0x55, 0x10, 0xc7, 0x8a, - 0x8d, 0xfd, 0x57, 0x2c, 0x18, 0x65, 0x67, 0x4e, 0xb3, 0x24, 0x75, 0x3c, 0xbf, 0xab, 0x62, 0x8e, - 0x35, 0x60, 0xc5, 0x9c, 0x0b, 0x50, 0xd9, 0x08, 0xdb, 0x24, 0x7f, 0x5e, 0x7a, 0x25, 0xa4, 0xdb, - 0x6a, 0x0a, 0x41, 0xcf, 0xd3, 0x0f, 0xef, 0x05, 0xa9, 0x43, 0xa7, 0x80, 0xf4, 0x69, 0x9e, 0xe2, - 0x1f, 0x5d, 0x35, 0x63, 0x13, 0xc7, 0xfe, 0xad, 0x3a, 0x0c, 0x8b, 0x43, 0xf5, 0x81, 0x33, 0xcc, - 0xe5, 0xfe, 0xbe, 0xd4, 0x77, 0x7f, 0x9f, 0xc0, 0x90, 0xcb, 0xea, 0x71, 0x09, 0x33, 0xf2, 0x5a, - 0x21, 0x51, 0x18, 0xbc, 0xc4, 0x97, 0x16, 0x8b, 0xff, 0xc7, 0x82, 0x15, 0xfa, 0x92, 0x05, 0xa7, - 0xdc, 0x30, 0x08, 0x88, 0xab, 0x6d, 0x9c, 0x4a, 0x11, 0x87, 0xed, 0x33, 0x59, 0xa2, 0xfa, 0xc0, - 0x23, 0x07, 0xc0, 0x79, 0xf6, 0xe8, 0x65, 0x38, 0xc1, 0xfb, 0xec, 0x66, 0xc6, 0x11, 0xab, 0x0b, - 0xa9, 0x98, 0x40, 0x9c, 0xc5, 0x45, 0x93, 0xdc, 0xa1, 0x2d, 0x4a, 0x96, 0x0c, 0xe9, 0xd3, 0x33, - 0xa3, 0x58, 0x89, 0x81, 0x81, 0x62, 0x40, 0x31, 0x59, 0x8f, 0x49, 0xb2, 0x21, 0x82, 0x0e, 0x98, - 0x7d, 0x35, 0x7c, 0xb8, 0x8c, 0x55, 0xdc, 0x45, 0x09, 0xf7, 0xa0, 0x8e, 0x36, 0xc5, 0x06, 0xb3, - 0x56, 0x84, 0x0e, 0x15, 0x9f, 0xb9, 0xef, 0x3e, 0x73, 0x02, 0xaa, 0xc9, 0x86, 0x13, 0x37, 0x99, - 0x5d, 0x57, 0xe6, 0x59, 0x12, 0x2b, 0xb4, 0x01, 0xf3, 0x76, 0x34, 0x0b, 0xa7, 0x73, 0x65, 0x60, - 0x12, 0xe1, 0x30, 0x55, 0xa1, 0xfd, 0xb9, 0x02, 0x32, 0x09, 0xee, 0x7a, 0xc2, 0x74, 0x3e, 0x8c, - 0xec, 0xe3, 0x7c, 0xd8, 0x51, 0xa1, 0x6d, 0xa3, 0x6c, 0x7d, 0x7c, 0xa5, 0x90, 0x0e, 0x18, 0x28, - 0x8e, 0xed, 0xf3, 0xb9, 0x38, 0xb6, 0x13, 0x4c, 0x80, 0x9b, 0xc5, 0x08, 0x70, 0xf0, 0xa0, 0xb5, - 0x07, 0x19, 0x84, 0xf6, 0x3f, 0x2c, 0x90, 0xdf, 0x75, 0xc6, 0x71, 0x37, 0x08, 0x1d, 0x32, 0xe8, - 0xfd, 0x70, 0x52, 0x6d, 0xa1, 0x67, 0xc2, 0x4e, 0xc0, 0xe3, 0xcf, 0xca, 0xfa, 0x64, 0x14, 0x67, - 0xa0, 0x38, 0x87, 0x8d, 0xa6, 0xa0, 0x4e, 0xfb, 0x89, 0x3f, 0xca, 0xd7, 0x5a, 0xb5, 0x4d, 0x9f, - 0x5e, 0x9e, 0x17, 0x4f, 0x69, 0x1c, 0x14, 0xc2, 0x98, 0xef, 0x24, 0x29, 0x93, 0x80, 0xee, 0xa8, - 0x0f, 0x99, 0x2f, 0xce, 0xe2, 0xc7, 0x17, 0xf2, 0x84, 0x70, 0x37, 0x6d, 0xfb, 0xdb, 0x15, 0x38, - 0x91, 0xd1, 0x8c, 0x07, 0x5c, 0xa4, 0x9f, 0x85, 0x9a, 0x5c, 0x37, 0xf3, 0x55, 0x2b, 0xd4, 0xe2, - 0xaa, 0x30, 0xe8, 0xa2, 0xb5, 0xa6, 0x57, 0xd5, 0xbc, 0x51, 0x61, 0x2c, 0xb8, 0xd8, 0xc4, 0x63, - 0x4a, 0x39, 0xf5, 0x93, 0x19, 0xdf, 0x23, 0x41, 0xca, 0xc5, 0x2c, 0x46, 0x29, 0xaf, 0x2e, 0xac, - 0x98, 0x44, 0xb5, 0x52, 0xce, 0x01, 0x70, 0x9e, 0x3d, 0xfa, 0x69, 0x0b, 0x4e, 0x38, 0x77, 0x12, - 0x5d, 0x34, 0x52, 0x44, 0xac, 0x1d, 0x71, 0x91, 0xca, 0xd4, 0xa1, 0xe4, 0x2e, 0xdf, 0x4c, 0x13, - 0xce, 0x32, 0x45, 0x5f, 0xb5, 0x00, 0x91, 0x6d, 0xe2, 0xca, 0x98, 0x3a, 0x21, 0xcb, 0x50, 0x11, - 0x3b, 0xcd, 0x4b, 0x5d, 0x74, 0xb9, 0x56, 0xef, 0x6e, 0xc7, 0x3d, 0x64, 0xb0, 0xff, 0x71, 0x59, - 0x4d, 0x28, 0x1d, 0xc6, 0xe9, 0x18, 0xe1, 0x64, 0xd6, 0xe1, 0xc3, 0xc9, 0xf4, 0xb1, 0x7c, 0x77, - 0x1a, 0x5a, 0x26, 0xfd, 0xa6, 0xf4, 0x80, 0xd2, 0x6f, 0x7e, 0xca, 0xca, 0xd4, 0x67, 0x19, 0xb9, - 0xf8, 0x6a, 0xb1, 0x21, 0xa4, 0x93, 0x3c, 0x64, 0x20, 0xa7, 0xdd, 0xb3, 0x91, 0x22, 0x54, 0x9b, - 0x1a, 0x68, 0x07, 0xd2, 0x86, 0xff, 0xb6, 0x0c, 0x23, 0xc6, 0x4a, 0xda, 0xd3, 0x2c, 0xb2, 0x1e, - 0x32, 0xb3, 0xa8, 0x74, 0x00, 0xb3, 0xe8, 0x27, 0xa1, 0xee, 0x4a, 0x2d, 0x5f, 0x4c, 0x85, 0xd2, - 0xfc, 0xda, 0xa1, 0x15, 0xbd, 0x6a, 0xc2, 0x9a, 0x27, 0x9a, 0xcb, 0xe4, 0xaf, 0x88, 0x15, 0xa2, - 0xc2, 0x56, 0x88, 0x5e, 0x09, 0x26, 0x62, 0xa5, 0xe8, 0x7e, 0x86, 0x95, 0xf1, 0x89, 0x3c, 0xf1, - 0x5e, 0x32, 0xd0, 0x9b, 0x97, 0xf1, 0x59, 0x9e, 0x97, 0xcd, 0xd8, 0xc4, 0xb1, 0xbf, 0x6d, 0xa9, - 0x8f, 0x7b, 0x1f, 0x92, 0xda, 0x6f, 0x67, 0x93, 0xda, 0x2f, 0x15, 0xd2, 0xcd, 0x7d, 0xb2, 0xd9, - 0xaf, 0xc3, 0xf0, 0x4c, 0xd8, 0x6e, 0x3b, 0x41, 0x13, 0xfd, 0x20, 0x0c, 0xbb, 0xfc, 0xa7, 0x70, - 0xec, 0xb0, 0xe3, 0x41, 0x01, 0xc5, 0x12, 0x86, 0x1e, 0x87, 0x8a, 0x13, 0xb7, 0xa4, 0x33, 0x87, - 0x45, 0x98, 0x4c, 0xc7, 0xad, 0x04, 0xb3, 0x56, 0xfb, 0xef, 0x57, 0x00, 0x66, 0xc2, 0x76, 0xe4, - 0xc4, 0xa4, 0xb9, 0x1a, 0xb2, 0x0a, 0x69, 0xc7, 0x7a, 0xa8, 0xa6, 0x37, 0x4b, 0x0f, 0xf3, 0xc1, - 0x9a, 0x71, 0xb8, 0x52, 0xbe, 0xcf, 0x87, 0x2b, 0x7d, 0xce, 0xcb, 0x2a, 0x0f, 0xd1, 0x79, 0x99, - 0xfd, 0x39, 0x0b, 0x10, 0x1d, 0x34, 0x61, 0x40, 0x82, 0x54, 0x1f, 0x68, 0x4f, 0x41, 0xdd, 0x95, - 0xad, 0xc2, 0xb0, 0xd2, 0x2a, 0x42, 0x02, 0xb0, 0xc6, 0x19, 0x60, 0x87, 0xfc, 0x94, 0xd4, 0xdf, - 0xe5, 0x6c, 0x70, 0x2a, 0xd3, 0xfa, 0x42, 0x9d, 0xdb, 0xbf, 0x5d, 0x82, 0x47, 0xf8, 0x92, 0xbc, - 0xe8, 0x04, 0x4e, 0x8b, 0xb4, 0xa9, 0x54, 0x83, 0x86, 0x28, 0xb8, 0x74, 0x6b, 0xe6, 0xc9, 0x60, - 0xd3, 0xa3, 0xce, 0x5d, 0x3e, 0xe7, 0xf8, 0x2c, 0x9b, 0x0f, 0xbc, 0x14, 0x33, 0xe2, 0x28, 0x81, - 0x9a, 0x2c, 0xc9, 0x2d, 0x74, 0x71, 0x41, 0x8c, 0x94, 0x5a, 0x12, 0xeb, 0x26, 0xc1, 0x8a, 0x11, - 0x35, 0x5c, 0xfd, 0xd0, 0xdd, 0xc4, 0x24, 0x0a, 0x99, 0xde, 0x35, 0x62, 0xfd, 0x16, 0x44, 0x3b, - 0x56, 0x18, 0xf6, 0x6f, 0x5b, 0x90, 0x5f, 0x91, 0x8c, 0x72, 0x55, 0xd6, 0x3d, 0xcb, 0x55, 0x1d, - 0xa0, 0x5e, 0xd4, 0x8f, 0xc3, 0x88, 0x93, 0x52, 0x23, 0x82, 0x6f, 0xbb, 0xcb, 0x87, 0x3b, 0xd6, - 0x58, 0x0c, 0x9b, 0xde, 0xba, 0xc7, 0xb6, 0xdb, 0x26, 0x39, 0xfb, 0xbf, 0x55, 0x60, 0xac, 0x2b, - 0x25, 0x02, 0xbd, 0x04, 0xa3, 0xae, 0x18, 0x1e, 0x91, 0x74, 0x68, 0xd5, 0xcd, 0xd8, 0x30, 0x0d, - 0xc3, 0x19, 0xcc, 0x01, 0x06, 0xe8, 0x3c, 0x9c, 0x89, 0xe9, 0x46, 0xbf, 0x43, 0xa6, 0xd7, 0x53, - 0x12, 0xaf, 0x10, 0x37, 0x0c, 0x9a, 0xbc, 0xa8, 0x5a, 0xb9, 0xf1, 0xe8, 0xde, 0xee, 0xc4, 0x19, - 0xdc, 0x0d, 0xc6, 0xbd, 0x9e, 0x41, 0x11, 0x9c, 0xf0, 0x4d, 0x1b, 0x50, 0x6c, 0x00, 0x0e, 0x65, - 0x3e, 0x2a, 0x1b, 0x21, 0xd3, 0x8c, 0xb3, 0x0c, 0xb2, 0x86, 0x64, 0xf5, 0x01, 0x19, 0x92, 0x9f, - 0xd6, 0x86, 0x24, 0x3f, 0x7f, 0xff, 0x70, 0xc1, 0x29, 0x31, 0xc7, 0x6d, 0x49, 0xbe, 0x02, 0x35, - 0x19, 0x9b, 0x34, 0x50, 0x4c, 0x8f, 0x49, 0xa7, 0x8f, 0x46, 0xbb, 0x5b, 0x82, 0x1e, 0x9b, 0x10, - 0x3a, 0xcf, 0xf4, 0x8a, 0x9f, 0x99, 0x67, 0x07, 0x5b, 0xf5, 0xd1, 0x36, 0x8f, 0xcb, 0xe2, 0x6b, - 0xdb, 0x87, 0x8a, 0xde, 0x44, 0xe9, 0x50, 0x2d, 0x95, 0x29, 0xa0, 0xc2, 0xb5, 0x2e, 0x02, 0x68, - 0x43, 0x4d, 0xc4, 0x81, 0xab, 0x63, 0x5f, 0x6d, 0xcf, 0x61, 0x03, 0x8b, 0xee, 0xa9, 0xbd, 0x20, - 0x49, 0x1d, 0xdf, 0xbf, 0xe2, 0x05, 0xa9, 0x70, 0x0e, 0xaa, 0x45, 0x7c, 0x5e, 0x83, 0xb0, 0x89, - 0x77, 0xfe, 0x7d, 0xc6, 0x77, 0x39, 0xc8, 0xf7, 0xdc, 0x80, 0xc7, 0xe6, 0xbc, 0x54, 0x65, 0x2f, - 0xa8, 0x71, 0x44, 0xed, 0x30, 0x95, 0x8d, 0x63, 0xf5, 0xcd, 0xc6, 0x31, 0xb2, 0x07, 0x4a, 0xd9, - 0x64, 0x87, 0x7c, 0xf6, 0x80, 0xfd, 0x12, 0x9c, 0x9d, 0xf3, 0xd2, 0xcb, 0x9e, 0x4f, 0x0e, 0xc8, - 0xc4, 0xfe, 0xcd, 0x21, 0x18, 0x35, 0xf3, 0xdf, 0x0e, 0x92, 0x50, 0xf4, 0x05, 0x6a, 0x6a, 0x89, - 0xb7, 0xf3, 0xd4, 0xa1, 0xd9, 0xad, 0x23, 0x27, 0xe3, 0xf5, 0xee, 0x31, 0xc3, 0xda, 0xd2, 0x3c, - 0xb1, 0x29, 0x00, 0xba, 0x03, 0xd5, 0x75, 0x16, 0xdd, 0x5e, 0x2e, 0x22, 0xb2, 0xa0, 0x57, 0x8f, - 0xea, 0x69, 0xc6, 0xe3, 0xe3, 0x39, 0x3f, 0xba, 0x42, 0xc6, 0xd9, 0x94, 0x29, 0x23, 0x22, 0x53, - 0x24, 0x4b, 0x29, 0x8c, 0x7e, 0xaa, 0xbe, 0x7a, 0x08, 0x55, 0x9f, 0x51, 0xbc, 0x43, 0x0f, 0x48, - 0xf1, 0xb2, 0x4c, 0x85, 0x74, 0x83, 0xd9, 0x6f, 0x22, 0x84, 0x7c, 0x98, 0x75, 0x82, 0x91, 0xa9, - 0x90, 0x01, 0xe3, 0x3c, 0x3e, 0xfa, 0x84, 0x52, 0xdd, 0xb5, 0x22, 0xfc, 0xaa, 0xe6, 0x88, 0x3e, - 0x6e, 0xad, 0xfd, 0xb9, 0x12, 0x9c, 0x9c, 0x0b, 0x3a, 0xcb, 0x73, 0xcb, 0x9d, 0x35, 0xdf, 0x73, - 0xaf, 0x91, 0x1d, 0xaa, 0x9a, 0x37, 0xc9, 0xce, 0xfc, 0xac, 0x98, 0x41, 0x6a, 0xcc, 0x5c, 0xa3, - 0x8d, 0x98, 0xc3, 0xa8, 0x32, 0x5a, 0xf7, 0x82, 0x16, 0x89, 0xa3, 0xd8, 0x13, 0x2e, 0x4f, 0x43, - 0x19, 0x5d, 0xd6, 0x20, 0x6c, 0xe2, 0x51, 0xda, 0xe1, 0x9d, 0x80, 0xc4, 0x79, 0x43, 0x76, 0x89, - 0x36, 0x62, 0x0e, 0xa3, 0x48, 0x69, 0xdc, 0x49, 0x52, 0x31, 0x18, 0x15, 0xd2, 0x2a, 0x6d, 0xc4, - 0x1c, 0x46, 0x67, 0x7a, 0xd2, 0x59, 0x63, 0x81, 0x1b, 0xb9, 0x78, 0xf5, 0x15, 0xde, 0x8c, 0x25, - 0x9c, 0xa2, 0x6e, 0x92, 0x9d, 0x59, 0xba, 0xeb, 0xcd, 0xa5, 0xad, 0x5c, 0xe3, 0xcd, 0x58, 0xc2, - 0x59, 0x35, 0xb8, 0x6c, 0x77, 0x7c, 0xcf, 0x55, 0x83, 0xcb, 0x8a, 0xdf, 0x67, 0xff, 0xfc, 0xcb, - 0x16, 0x8c, 0x9a, 0xe1, 0x56, 0xa8, 0x95, 0xb3, 0x71, 0x97, 0xba, 0x8a, 0x89, 0xfe, 0x68, 0xaf, - 0x9b, 0x93, 0x5a, 0x5e, 0x1a, 0x46, 0xc9, 0x73, 0x24, 0x68, 0x79, 0x01, 0x61, 0xa7, 0xe8, 0x3c, - 0x4c, 0x2b, 0x13, 0xcb, 0x35, 0x13, 0x36, 0xc9, 0x21, 0x8c, 0x64, 0xfb, 0x16, 0x8c, 0x75, 0xe5, - 0x2a, 0x0d, 0x60, 0x5a, 0xec, 0x9b, 0x29, 0x6a, 0x63, 0x18, 0xa1, 0x84, 0x65, 0x69, 0x95, 0x19, - 0x18, 0xe3, 0x13, 0x89, 0x72, 0x5a, 0x71, 0x37, 0x48, 0x5b, 0xe5, 0x9f, 0x31, 0xff, 0xfa, 0xcd, - 0x3c, 0x10, 0x77, 0xe3, 0xdb, 0x9f, 0xb7, 0xe0, 0x44, 0x26, 0x7d, 0xac, 0x20, 0x23, 0x88, 0xcd, - 0xb4, 0x90, 0x45, 0xff, 0xb1, 0x10, 0xe8, 0x32, 0x5b, 0x4c, 0xf5, 0x4c, 0xd3, 0x20, 0x6c, 0xe2, - 0xd9, 0x5f, 0x2e, 0x41, 0x4d, 0x46, 0x50, 0x0c, 0x20, 0xca, 0x67, 0x2d, 0x38, 0xa1, 0xce, 0x34, - 0x98, 0xb3, 0xac, 0x54, 0x44, 0xac, 0x3f, 0x95, 0x40, 0x6d, 0xb7, 0x83, 0xf5, 0x50, 0x5b, 0xe4, - 0xd8, 0x64, 0x86, 0xb3, 0xbc, 0xd1, 0x4d, 0x80, 0x64, 0x27, 0x49, 0x49, 0xdb, 0x70, 0xdb, 0xd9, - 0xc6, 0x8c, 0x9b, 0x74, 0xc3, 0x98, 0xd0, 0xf9, 0x75, 0x3d, 0x6c, 0x92, 0x15, 0x85, 0xa9, 0x4d, - 0x28, 0xdd, 0x86, 0x0d, 0x4a, 0xf6, 0xdf, 0x2d, 0xc1, 0xe9, 0xbc, 0x48, 0xe8, 0xc3, 0x30, 0x2a, - 0xb9, 0x1b, 0xb7, 0x40, 0xc9, 0xb0, 0x91, 0x51, 0x6c, 0xc0, 0xee, 0xee, 0x4e, 0x4c, 0x74, 0xdf, - 0xc2, 0x35, 0x69, 0xa2, 0xe0, 0x0c, 0x31, 0x7e, 0xb0, 0x24, 0x4e, 0x40, 0x1b, 0x3b, 0xd3, 0x51, - 0x24, 0x4e, 0x87, 0x8c, 0x83, 0x25, 0x13, 0x8a, 0x73, 0xd8, 0x68, 0x19, 0xce, 0x1a, 0x2d, 0xd7, - 0x89, 0xd7, 0xda, 0x58, 0x0b, 0x63, 0xb9, 0xb3, 0x7a, 0x5c, 0x07, 0x76, 0x75, 0xe3, 0xe0, 0x9e, - 0x4f, 0xd2, 0xd5, 0xde, 0x75, 0x22, 0xc7, 0xf5, 0xd2, 0x1d, 0xe1, 0x87, 0x54, 0xba, 0x69, 0x46, - 0xb4, 0x63, 0x85, 0x61, 0x2f, 0x42, 0x65, 0xc0, 0x11, 0x34, 0x90, 0x45, 0xff, 0x0a, 0xd4, 0x28, - 0x39, 0x69, 0xde, 0x15, 0x41, 0x32, 0x84, 0x9a, 0xbc, 0xc8, 0x01, 0xd9, 0x50, 0xf6, 0x1c, 0x79, - 0x76, 0xa7, 0x5e, 0x6b, 0x3e, 0x49, 0x3a, 0x6c, 0x93, 0x4c, 0x81, 0xe8, 0x29, 0x28, 0x93, 0xed, - 0x28, 0x7f, 0x48, 0x77, 0x69, 0x3b, 0xf2, 0x62, 0x92, 0x50, 0x24, 0xb2, 0x1d, 0xa1, 0xf3, 0x50, - 0xf2, 0x9a, 0x62, 0x91, 0x02, 0x81, 0x53, 0x9a, 0x9f, 0xc5, 0x25, 0xaf, 0x69, 0x6f, 0x43, 0x5d, - 0xdd, 0x1c, 0x81, 0x36, 0xa5, 0xee, 0xb6, 0x8a, 0x08, 0x79, 0x92, 0x74, 0xfb, 0x68, 0xed, 0x0e, - 0x80, 0xce, 0xa3, 0x2b, 0x4a, 0xbf, 0x5c, 0x80, 0x8a, 0x1b, 0x8a, 0x1c, 0xdf, 0x9a, 0x26, 0xc3, - 0x94, 0x36, 0x83, 0xd8, 0xb7, 0xe0, 0xe4, 0xb5, 0x20, 0xbc, 0xc3, 0x4a, 0x63, 0xb3, 0x92, 0x56, - 0x94, 0xf0, 0x3a, 0xfd, 0x91, 0x37, 0x11, 0x18, 0x14, 0x73, 0x98, 0x2a, 0x7b, 0x54, 0xea, 0x57, - 0xf6, 0xc8, 0xfe, 0xa4, 0x05, 0xa7, 0x55, 0x36, 0x90, 0xd4, 0xc6, 0x2f, 0xc1, 0xe8, 0x5a, 0xc7, - 0xf3, 0x9b, 0xb2, 0x50, 0x56, 0xce, 0x4d, 0xd1, 0x30, 0x60, 0x38, 0x83, 0x49, 0x37, 0x55, 0x6b, - 0x5e, 0xe0, 0xc4, 0x3b, 0xcb, 0x5a, 0xfd, 0x2b, 0x8d, 0xd0, 0x50, 0x10, 0x6c, 0x60, 0xd9, 0x9f, - 0x35, 0x45, 0x10, 0xf9, 0x47, 0x03, 0xf4, 0xec, 0x0d, 0xa8, 0xba, 0xea, 0xac, 0xf7, 0x50, 0xc5, - 0xfc, 0x54, 0x7e, 0x39, 0xf3, 0xf7, 0x73, 0x6a, 0xf6, 0x3f, 0x29, 0xc1, 0x89, 0x4c, 0xcd, 0x12, - 0xe4, 0x43, 0x8d, 0xf8, 0xcc, 0x95, 0x27, 0x87, 0xd8, 0x51, 0xcb, 0x45, 0xaa, 0x69, 0x71, 0x49, - 0xd0, 0xc5, 0x8a, 0xc3, 0xc3, 0x71, 0xa4, 0xf6, 0x12, 0x8c, 0x4a, 0x81, 0x3e, 0xe4, 0xb4, 0x7d, - 0x31, 0x0b, 0xd5, 0x00, 0xb8, 0x64, 0xc0, 0x70, 0x06, 0xd3, 0xfe, 0x9d, 0x32, 0x8c, 0x73, 0xdf, - 0x67, 0x53, 0x45, 0xbd, 0x2c, 0x4a, 0x2b, 0xeb, 0x2f, 0xe8, 0xca, 0x42, 0xbc, 0x23, 0xd7, 0x8e, - 0x5a, 0x9d, 0xb9, 0x37, 0xa3, 0x81, 0xe2, 0x31, 0x7e, 0x31, 0x17, 0x8f, 0xc1, 0x17, 0xdb, 0xd6, - 0x31, 0x49, 0xf4, 0xbd, 0x15, 0xa0, 0xf1, 0xb7, 0x4a, 0x70, 0x2a, 0x57, 0xfa, 0x1a, 0x7d, 0x31, - 0x5b, 0xf6, 0xd1, 0x2a, 0xc2, 0x43, 0x76, 0xcf, 0x6a, 0xc8, 0x07, 0x2b, 0xfe, 0xf8, 0x80, 0xa6, - 0x8a, 0xfd, 0x7b, 0x25, 0x38, 0x99, 0xad, 0xd9, 0xfd, 0x10, 0xf6, 0xd4, 0x7b, 0xa0, 0xce, 0xca, - 0xd2, 0xb2, 0x7b, 0xc6, 0xb8, 0x23, 0x8e, 0x97, 0x32, 0x95, 0x8d, 0x58, 0xc3, 0x1f, 0x8a, 0x9a, - 0x9a, 0xf6, 0xdf, 0xb6, 0xe0, 0x1c, 0x7f, 0xcb, 0xfc, 0x38, 0xfc, 0x8b, 0xbd, 0x7a, 0xf7, 0xb5, - 0x62, 0x05, 0xcc, 0x55, 0xc4, 0xda, 0xaf, 0x7f, 0xd9, 0xfd, 0x46, 0x42, 0xda, 0xec, 0x50, 0x78, - 0x08, 0x85, 0x3d, 0xd0, 0x60, 0xb0, 0x7f, 0xaf, 0x0c, 0xfa, 0x4a, 0x27, 0xe4, 0x89, 0xcc, 0xa6, - 0x42, 0x2a, 0x83, 0xad, 0xec, 0x04, 0xae, 0xbe, 0x3c, 0xaa, 0x96, 0x4b, 0x6c, 0xfa, 0x39, 0x0b, - 0x46, 0xbc, 0xc0, 0x4b, 0x3d, 0x87, 0x19, 0xcf, 0xc5, 0x5c, 0x49, 0xa3, 0xd8, 0xcd, 0x73, 0xca, - 0x61, 0x6c, 0x7a, 0x6f, 0x15, 0x33, 0x6c, 0x72, 0x46, 0x1f, 0x15, 0x21, 0x93, 0xe5, 0xc2, 0x72, - 0xf2, 0x6a, 0xb9, 0x38, 0xc9, 0x08, 0xaa, 0x31, 0x49, 0xe3, 0x82, 0x52, 0x59, 0x31, 0x25, 0xa5, - 0x8a, 0x4c, 0xea, 0xcb, 0x35, 0x69, 0x33, 0xe6, 0x8c, 0xec, 0x04, 0x50, 0x77, 0x5f, 0x1c, 0x30, - 0x1c, 0x6d, 0x0a, 0xea, 0x4e, 0x27, 0x0d, 0xdb, 0xb4, 0x9b, 0x84, 0x83, 0x59, 0x07, 0xdc, 0x49, - 0x00, 0xd6, 0x38, 0xf6, 0x17, 0xab, 0x90, 0x4b, 0x35, 0x42, 0xdb, 0xe6, 0x75, 0x64, 0x56, 0xb1, - 0xd7, 0x91, 0x29, 0x61, 0x7a, 0x5d, 0x49, 0x86, 0x5a, 0x50, 0x8d, 0x36, 0x9c, 0x44, 0xda, 0xc6, - 0xaf, 0xc8, 0x6e, 0x5a, 0xa6, 0x8d, 0x77, 0x77, 0x27, 0x7e, 0x6c, 0x30, 0x5f, 0x0b, 0x1d, 0xab, - 0x53, 0x3c, 0x73, 0x5f, 0xb3, 0x66, 0x34, 0x30, 0xa7, 0x7f, 0x90, 0x4b, 0x79, 0x3e, 0x25, 0x0a, - 0x09, 0x63, 0x92, 0x74, 0xfc, 0x54, 0x8c, 0x86, 0x57, 0x0a, 0x9c, 0x65, 0x9c, 0xb0, 0x4e, 0x92, - 0xe5, 0xff, 0xb1, 0xc1, 0x14, 0x7d, 0x18, 0xea, 0x49, 0xea, 0xc4, 0xe9, 0x21, 0xd3, 0xda, 0x54, - 0xa7, 0xaf, 0x48, 0x22, 0x58, 0xd3, 0x43, 0xaf, 0xb2, 0x42, 0x89, 0x5e, 0xb2, 0x71, 0xc8, 0x48, - 0x67, 0x59, 0x54, 0x51, 0x50, 0xc0, 0x06, 0x35, 0xba, 0xf5, 0x60, 0x63, 0x9b, 0x87, 0xf7, 0xd4, - 0xd8, 0xde, 0x52, 0xa9, 0x42, 0xac, 0x20, 0xd8, 0xc0, 0xb2, 0x7f, 0x08, 0xb2, 0x59, 0xde, 0x68, - 0x42, 0x26, 0x95, 0x73, 0xdf, 0x13, 0x8b, 0x58, 0xce, 0xe4, 0x7f, 0xff, 0xba, 0x05, 0x66, 0x2a, - 0x3a, 0x7a, 0x83, 0xe7, 0xbc, 0x5b, 0x45, 0x9c, 0x17, 0x18, 0x74, 0x27, 0x17, 0x9d, 0x28, 0x77, - 0x70, 0x25, 0x13, 0xdf, 0xcf, 0xbf, 0x0f, 0x6a, 0x12, 0x7a, 0x20, 0xa3, 0xee, 0x13, 0x70, 0x26, - 0x7f, 0x59, 0xab, 0xf0, 0x35, 0xb7, 0xe2, 0xb0, 0x13, 0xe5, 0x37, 0x92, 0xec, 0x32, 0x4f, 0xcc, - 0x61, 0x74, 0x3b, 0xb6, 0xe9, 0x05, 0xcd, 0xfc, 0x46, 0xf2, 0x9a, 0x17, 0x34, 0x31, 0x83, 0x0c, - 0x70, 0x29, 0xdd, 0x6f, 0x58, 0x70, 0x61, 0xbf, 0x3b, 0x65, 0xd1, 0xe3, 0x50, 0xb9, 0xe3, 0xc4, - 0xb2, 0x82, 0x2d, 0x53, 0x94, 0xb7, 0x9c, 0x38, 0xc0, 0xac, 0x15, 0xed, 0xc0, 0x10, 0x8f, 0x01, - 0x11, 0xd6, 0xfa, 0x2b, 0xc5, 0xde, 0x70, 0x7b, 0x8d, 0x18, 0xdb, 0x05, 0x1e, 0x7f, 0x82, 0x05, - 0x43, 0xfb, 0x3b, 0x16, 0xa0, 0xa5, 0x2d, 0x12, 0xc7, 0x5e, 0xd3, 0x88, 0x5a, 0x41, 0x2f, 0xc0, - 0xe8, 0xed, 0x95, 0xa5, 0xeb, 0xcb, 0xa1, 0x17, 0xb0, 0xaa, 0x0f, 0x46, 0x62, 0xdb, 0x55, 0xa3, - 0x1d, 0x67, 0xb0, 0xd0, 0x0c, 0x8c, 0xdd, 0x7e, 0x83, 0x6e, 0x7e, 0xcd, 0x6a, 0xf9, 0x25, 0xed, - 0xee, 0xbc, 0xfa, 0x4a, 0x0e, 0x88, 0xbb, 0xf1, 0xd1, 0x12, 0x9c, 0x6b, 0xf3, 0xed, 0x06, 0x2f, - 0x72, 0xcd, 0xf7, 0x1e, 0x2a, 0x8d, 0xe4, 0xb1, 0xbd, 0xdd, 0x89, 0x73, 0x8b, 0xbd, 0x10, 0x70, - 0xef, 0xe7, 0xec, 0xf7, 0x01, 0xe2, 0xc1, 0x2a, 0x33, 0xbd, 0x22, 0x0f, 0xfa, 0xee, 0xc4, 0xed, - 0xaf, 0x55, 0xe1, 0x54, 0xae, 0xbe, 0x21, 0xdd, 0xea, 0x75, 0x87, 0x3a, 0x1c, 0x79, 0xfd, 0xee, - 0x16, 0x6f, 0xa0, 0xe0, 0x89, 0x00, 0xaa, 0x5e, 0x10, 0x75, 0xd2, 0x62, 0x32, 0xc7, 0xb8, 0x10, - 0xf3, 0x94, 0xa0, 0xe1, 0x24, 0xa2, 0x7f, 0x31, 0x67, 0x53, 0x64, 0x28, 0x46, 0xc6, 0x18, 0xaf, - 0x3c, 0x20, 0x77, 0xc0, 0xa7, 0x74, 0x60, 0x44, 0xb5, 0x88, 0x83, 0xfa, 0xdc, 0x60, 0x39, 0xee, - 0x03, 0xb6, 0x5f, 0x2b, 0xc1, 0x88, 0xf1, 0xd1, 0xd0, 0x2f, 0x65, 0x0b, 0xb5, 0x58, 0xc5, 0xbd, - 0x12, 0xa3, 0x3f, 0xa9, 0x4b, 0xb1, 0xf0, 0x57, 0x7a, 0xba, 0xbb, 0x46, 0xcb, 0xdd, 0xdd, 0x89, - 0xd3, 0xb9, 0x2a, 0x2c, 0x99, 0xba, 0x2d, 0xe7, 0x3f, 0x0e, 0xa7, 0x72, 0x64, 0x7a, 0xbc, 0xf2, - 0x6a, 0xf6, 0x2e, 0xde, 0x23, 0xba, 0xa5, 0xcc, 0x2e, 0x7b, 0x8b, 0x76, 0x99, 0xbe, 0xa2, 0x7d, - 0x00, 0x77, 0x5c, 0x2e, 0x47, 0xae, 0x34, 0x60, 0x8e, 0xdc, 0x33, 0x50, 0x8b, 0x42, 0xdf, 0x73, - 0x3d, 0x55, 0xd2, 0x8b, 0x65, 0xe5, 0x2d, 0x8b, 0x36, 0xac, 0xa0, 0xe8, 0x0e, 0xd4, 0xd5, 0xb5, - 0xc5, 0x22, 0x08, 0xb1, 0x28, 0x57, 0xaf, 0x32, 0x5a, 0xf4, 0x75, 0xc4, 0x9a, 0x17, 0xb2, 0x61, - 0x88, 0x2d, 0x82, 0x32, 0xe0, 0x97, 0x65, 0x70, 0xb2, 0xd5, 0x31, 0xc1, 0x02, 0x62, 0x7f, 0xa3, - 0x0e, 0x67, 0x7b, 0x15, 0x99, 0x45, 0x1f, 0x83, 0x21, 0x2e, 0x63, 0x31, 0x75, 0xcc, 0x7b, 0xf1, - 0x98, 0x63, 0x04, 0x85, 0x58, 0xec, 0x37, 0x16, 0x3c, 0x05, 0x77, 0xdf, 0x59, 0x13, 0x23, 0xe4, - 0x78, 0xb8, 0x2f, 0x38, 0x9a, 0xfb, 0x82, 0xc3, 0xb9, 0xfb, 0xce, 0x1a, 0xda, 0x86, 0x6a, 0xcb, - 0x4b, 0x89, 0x23, 0x9c, 0x08, 0xb7, 0x8e, 0x85, 0x39, 0x71, 0xb8, 0x95, 0xc6, 0x7e, 0x62, 0xce, - 0x10, 0x7d, 0xdd, 0x82, 0x53, 0x6b, 0xd9, 0x84, 0x58, 0xa1, 0x3c, 0x9d, 0x63, 0x28, 0x24, 0x9c, - 0x65, 0xc4, 0x6f, 0xa4, 0xc8, 0x35, 0xe2, 0xbc, 0x38, 0xe8, 0xd3, 0x16, 0x0c, 0xaf, 0x7b, 0xbe, - 0x51, 0x53, 0xf2, 0x18, 0x3e, 0xce, 0x65, 0xc6, 0x40, 0xef, 0x38, 0xf8, 0xff, 0x04, 0x4b, 0xce, - 0xfd, 0x56, 0xaa, 0xa1, 0xa3, 0xae, 0x54, 0xc3, 0x0f, 0x68, 0xa5, 0xfa, 0x8c, 0x05, 0x75, 0xd5, - 0xd3, 0x22, 0xc9, 0xf1, 0xc3, 0xc7, 0xf8, 0xc9, 0xb9, 0xe7, 0x44, 0xfd, 0xc5, 0x9a, 0x39, 0xfa, - 0x92, 0x05, 0x23, 0xce, 0x9b, 0x9d, 0x98, 0x34, 0xc9, 0x56, 0x18, 0x25, 0xe2, 0x16, 0xa8, 0xd7, - 0x8a, 0x17, 0x66, 0x9a, 0x32, 0x99, 0x25, 0x5b, 0x4b, 0x51, 0x22, 0x92, 0x11, 0x74, 0x03, 0x36, - 0x45, 0xb0, 0x77, 0x4b, 0x30, 0xb1, 0x0f, 0x05, 0xf4, 0x12, 0x8c, 0x86, 0x71, 0xcb, 0x09, 0xbc, - 0x37, 0xcd, 0x0c, 0x77, 0x65, 0x65, 0x2d, 0x19, 0x30, 0x9c, 0xc1, 0x34, 0xd3, 0x30, 0x4b, 0xfb, - 0xa4, 0x61, 0x5e, 0x80, 0x4a, 0x4c, 0xa2, 0x30, 0xbf, 0x59, 0x60, 0x81, 0xc0, 0x0c, 0x82, 0x9e, - 0x80, 0xb2, 0x13, 0x79, 0x22, 0xfc, 0x44, 0xed, 0x81, 0xa6, 0x97, 0xe7, 0x31, 0x6d, 0xcf, 0x64, - 0x85, 0x57, 0xef, 0x4b, 0x56, 0x38, 0x5d, 0x06, 0xc4, 0xd9, 0xc5, 0x90, 0x5e, 0x06, 0xb2, 0x67, - 0x0a, 0xf6, 0x57, 0xcb, 0xf0, 0xc4, 0x3d, 0xc7, 0x8b, 0x8e, 0xbe, 0xb1, 0xee, 0x11, 0x7d, 0x23, - 0xbb, 0xa7, 0xb4, 0x5f, 0xf7, 0x94, 0xfb, 0x74, 0xcf, 0xa7, 0xe9, 0x34, 0x90, 0x95, 0x01, 0x8a, - 0xb9, 0x90, 0xa8, 0x5f, 0xa1, 0x01, 0x31, 0x03, 0x24, 0x14, 0x6b, 0xbe, 0x74, 0x0f, 0x90, 0x49, - 0x41, 0xac, 0x16, 0xb1, 0x0c, 0xf4, 0xad, 0x14, 0xc0, 0xc7, 0x7e, 0xbf, 0xbc, 0x46, 0xfb, 0xe7, - 0x4b, 0xf0, 0xd4, 0x00, 0xda, 0xdb, 0x1c, 0xc5, 0xd6, 0x80, 0xa3, 0xf8, 0x7b, 0xfb, 0x33, 0xd9, - 0x7f, 0xc9, 0x82, 0xf3, 0xfd, 0x17, 0x0f, 0xf4, 0x3c, 0x8c, 0xac, 0xc5, 0x4e, 0xe0, 0x6e, 0xb0, - 0x4b, 0xd6, 0x64, 0xa7, 0xb0, 0xbe, 0xd6, 0xcd, 0xd8, 0xc4, 0xa1, 0xdb, 0x5b, 0x5e, 0xd8, 0xdd, - 0xc0, 0x90, 0x29, 0x63, 0x74, 0x7b, 0xbb, 0x9a, 0x07, 0xe2, 0x6e, 0x7c, 0xfb, 0x4f, 0x4a, 0xbd, - 0xc5, 0xe2, 0x46, 0xc6, 0x41, 0xbe, 0x93, 0xf8, 0x0a, 0xa5, 0x01, 0x74, 0x49, 0xf9, 0x7e, 0xeb, - 0x92, 0x4a, 0x3f, 0x5d, 0x82, 0x66, 0xe1, 0xb4, 0x71, 0x1f, 0x01, 0x4f, 0x03, 0xe4, 0x61, 0x76, - 0x2a, 0x37, 0x7e, 0x39, 0x07, 0xc7, 0x5d, 0x4f, 0xa0, 0x67, 0xa1, 0xe6, 0x05, 0x09, 0x71, 0x3b, - 0x31, 0x0f, 0xef, 0x34, 0x52, 0x2f, 0xe6, 0x45, 0x3b, 0x56, 0x18, 0xf6, 0x2f, 0x97, 0xe0, 0xb1, - 0xbe, 0x76, 0xd6, 0x7d, 0xd2, 0x5d, 0xe6, 0xe7, 0xa8, 0xdc, 0x9f, 0xcf, 0x61, 0x76, 0x52, 0x75, - 0xdf, 0x4e, 0xfa, 0xfd, 0xfe, 0x03, 0x93, 0xda, 0xdc, 0xdf, 0xb7, 0xbd, 0xf4, 0x32, 0x9c, 0x70, - 0xa2, 0x88, 0xe3, 0xb1, 0x28, 0xad, 0x5c, 0x6d, 0x8c, 0x69, 0x13, 0x88, 0xb3, 0xb8, 0x03, 0xad, - 0x9e, 0x7f, 0x68, 0x41, 0x1d, 0x93, 0x75, 0xae, 0x1d, 0xd0, 0x6d, 0xd1, 0x45, 0x56, 0x11, 0x55, - 0xf4, 0x68, 0xc7, 0x26, 0x1e, 0xab, 0x2e, 0xd7, 0xab, 0xb3, 0xbb, 0xef, 0xad, 0x28, 0x1d, 0xe8, - 0xde, 0x0a, 0x75, 0x73, 0x41, 0xb9, 0xff, 0xcd, 0x05, 0xf6, 0x5b, 0xc3, 0xf4, 0xf5, 0xa2, 0x70, - 0x26, 0x26, 0xcd, 0x84, 0x7e, 0xdf, 0x4e, 0xec, 0x8b, 0x41, 0xa2, 0xbe, 0xef, 0x0d, 0xbc, 0x80, - 0x69, 0x7b, 0xe6, 0x28, 0xa6, 0x74, 0xa0, 0xca, 0x00, 0xe5, 0x7d, 0x2b, 0x03, 0xbc, 0x0c, 0x27, - 0x92, 0x64, 0x63, 0x39, 0xf6, 0xb6, 0x9c, 0x94, 0x5c, 0x23, 0x3b, 0xc2, 0xca, 0xd2, 0xd9, 0xbc, - 0x2b, 0x57, 0x34, 0x10, 0x67, 0x71, 0xd1, 0x1c, 0x8c, 0xe9, 0xfc, 0x7c, 0x12, 0xa7, 0x2c, 0xa6, - 0x97, 0x8f, 0x04, 0x95, 0xba, 0xa7, 0x33, 0xfa, 0x05, 0x02, 0xee, 0x7e, 0x86, 0xea, 0xb7, 0x4c, - 0x23, 0x15, 0x64, 0x28, 0xab, 0xdf, 0x32, 0x74, 0xa8, 0x2c, 0x5d, 0x4f, 0xa0, 0x45, 0x38, 0xc3, - 0x07, 0xc6, 0x74, 0x14, 0x19, 0x6f, 0x34, 0x9c, 0xad, 0x5e, 0x36, 0xd7, 0x8d, 0x82, 0x7b, 0x3d, - 0x87, 0x5e, 0x84, 0x11, 0xd5, 0x3c, 0x3f, 0x2b, 0x4e, 0x11, 0x94, 0x17, 0x43, 0x91, 0x99, 0x6f, - 0x62, 0x13, 0x0f, 0x7d, 0x08, 0x1e, 0xd5, 0x7f, 0x79, 0xe2, 0x07, 0x3f, 0x5a, 0x9b, 0x15, 0xa5, - 0x4f, 0x54, 0x9d, 0xfc, 0xb9, 0x9e, 0x68, 0x4d, 0xdc, 0xef, 0x79, 0xb4, 0x06, 0xe7, 0x15, 0xe8, - 0x52, 0x90, 0xb2, 0x28, 0xee, 0x84, 0x34, 0x9c, 0x84, 0xdc, 0x88, 0x7d, 0x56, 0x2c, 0xa5, 0xae, - 0xaf, 0x30, 0x9b, 0xf3, 0xd2, 0x2b, 0xbd, 0x30, 0xf1, 0x02, 0xbe, 0x07, 0x15, 0x34, 0x05, 0x75, - 0x12, 0x38, 0x6b, 0x3e, 0x59, 0x9a, 0x99, 0x67, 0x25, 0x54, 0x8c, 0x93, 0xbc, 0x4b, 0x12, 0x80, - 0x35, 0x8e, 0x8a, 0x2b, 0x1b, 0xed, 0x7b, 0x9d, 0xde, 0x32, 0x9c, 0x6d, 0xb9, 0x11, 0xb5, 0x3d, - 0x3c, 0x97, 0x4c, 0xbb, 0x2c, 0xb6, 0x8a, 0x7e, 0x18, 0x5e, 0x56, 0x4e, 0x05, 0x4d, 0xce, 0xcd, - 0x2c, 0x77, 0xe1, 0xe0, 0x9e, 0x4f, 0xd2, 0x39, 0x16, 0xc5, 0xe1, 0xf6, 0xce, 0xf8, 0x99, 0xec, - 0x1c, 0x5b, 0xa6, 0x8d, 0x98, 0xc3, 0xd0, 0x55, 0x40, 0x2c, 0x02, 0xf7, 0x4a, 0x9a, 0x46, 0xca, - 0xd8, 0x19, 0x3f, 0xcb, 0x5e, 0xe9, 0xbc, 0x78, 0x02, 0x5d, 0xee, 0xc2, 0xc0, 0x3d, 0x9e, 0xb2, - 0xff, 0x9d, 0x05, 0x27, 0xd4, 0x7c, 0xbd, 0x0f, 0x31, 0xe8, 0x7e, 0x36, 0x06, 0x7d, 0xee, 0xe8, - 0x1a, 0x8f, 0x49, 0xde, 0x27, 0x90, 0xf1, 0x67, 0x46, 0x00, 0xb4, 0x56, 0x54, 0x0b, 0x92, 0xd5, - 0x77, 0x41, 0x7a, 0x68, 0x35, 0x52, 0xaf, 0x7a, 0x09, 0xd5, 0x07, 0x5b, 0x2f, 0x61, 0x05, 0xce, - 0x49, 0x73, 0x81, 0x9f, 0x15, 0x5d, 0x09, 0x13, 0xa5, 0xe0, 0x6a, 0x8d, 0x27, 0x04, 0xa1, 0x73, - 0xf3, 0xbd, 0x90, 0x70, 0xef, 0x67, 0x33, 0x56, 0xca, 0xf0, 0x7e, 0x56, 0x8a, 0x9e, 0xd3, 0x0b, - 0xeb, 0xb2, 0x20, 0x7e, 0x6e, 0x4e, 0x2f, 0x5c, 0x5e, 0xc1, 0x1a, 0xa7, 0xb7, 0x62, 0xaf, 0x17, - 0xa4, 0xd8, 0xe1, 0xc0, 0x8a, 0x5d, 0xaa, 0x98, 0x91, 0xbe, 0x2a, 0x46, 0xfa, 0xa4, 0x47, 0xfb, - 0xfa, 0xa4, 0xdf, 0x0f, 0x27, 0xbd, 0x60, 0x83, 0xc4, 0x5e, 0x4a, 0x9a, 0x6c, 0x2e, 0x30, 0xf5, - 0x53, 0xd3, 0xcb, 0xfa, 0x7c, 0x06, 0x8a, 0x73, 0xd8, 0x59, 0xbd, 0x78, 0x72, 0x00, 0xbd, 0xd8, - 0x67, 0x35, 0x3a, 0x55, 0xcc, 0x6a, 0x74, 0xfa, 0xe8, 0xab, 0xd1, 0xd8, 0xb1, 0xae, 0x46, 0xa8, - 0x90, 0xd5, 0x68, 0x20, 0x45, 0x6f, 0x6c, 0xff, 0xce, 0xee, 0xb3, 0xfd, 0xeb, 0xb7, 0x14, 0x9d, - 0x3b, 0xf4, 0x52, 0xd4, 0x7b, 0x95, 0x79, 0xe4, 0x50, 0xab, 0xcc, 0x67, 0x4a, 0x70, 0x4e, 0xeb, - 0x61, 0x3a, 0xfa, 0xbd, 0x75, 0xaa, 0x89, 0xd8, 0x9d, 0x2a, 0xfc, 0xdc, 0xc6, 0x48, 0x89, 0xd0, - 0xd9, 0x15, 0x0a, 0x82, 0x0d, 0x2c, 0x96, 0x59, 0x40, 0x62, 0x56, 0x3c, 0x33, 0xaf, 0xa4, 0x67, - 0x44, 0x3b, 0x56, 0x18, 0x74, 0x7c, 0xd1, 0xdf, 0x22, 0x5b, 0x2b, 0x5f, 0x22, 0x6a, 0x46, 0x83, - 0xb0, 0x89, 0x87, 0x9e, 0xe1, 0x4c, 0x98, 0x82, 0xa0, 0x8a, 0x7a, 0x54, 0x5c, 0xb2, 0x28, 0x75, - 0x82, 0x82, 0x4a, 0x71, 0x58, 0x0a, 0x49, 0xb5, 0x5b, 0x1c, 0x16, 0x02, 0xa5, 0x30, 0xec, 0xff, - 0x6e, 0xc1, 0x63, 0x3d, 0xbb, 0xe2, 0x3e, 0x2c, 0xbe, 0xdb, 0xd9, 0xc5, 0x77, 0xa5, 0xa8, 0xed, - 0x86, 0xf1, 0x16, 0x7d, 0x16, 0xe2, 0x7f, 0x63, 0xc1, 0x49, 0x8d, 0x7f, 0x1f, 0x5e, 0xd5, 0xcb, - 0xbe, 0x6a, 0x71, 0x3b, 0xab, 0x7a, 0xd7, 0xbb, 0xfd, 0x4e, 0x09, 0x54, 0xd9, 0xb6, 0x69, 0x57, - 0x16, 0xc5, 0xdc, 0xe7, 0x24, 0x71, 0x07, 0x86, 0xd8, 0x41, 0x68, 0x52, 0x4c, 0x90, 0x47, 0x96, - 0x3f, 0x3b, 0x54, 0xd5, 0x87, 0xcc, 0xec, 0x6f, 0x82, 0x05, 0x43, 0x56, 0xda, 0xd5, 0x4b, 0xa8, - 0x36, 0x6f, 0x8a, 0x64, 0x0c, 0x5d, 0xda, 0x55, 0xb4, 0x63, 0x85, 0x41, 0x97, 0x07, 0xcf, 0x0d, - 0x83, 0x19, 0xdf, 0x49, 0xe4, 0x45, 0x62, 0x6a, 0x79, 0x98, 0x97, 0x00, 0xac, 0x71, 0xd8, 0x19, - 0xa9, 0x97, 0x44, 0xbe, 0xb3, 0x63, 0xec, 0x9f, 0x8d, 0xac, 0x64, 0x05, 0xc2, 0x26, 0x9e, 0xdd, - 0x86, 0xf1, 0xec, 0x4b, 0xcc, 0x92, 0x75, 0x16, 0xa0, 0x38, 0x50, 0x77, 0x4e, 0x41, 0xdd, 0x61, - 0x4f, 0x2d, 0x74, 0x9c, 0xfc, 0xfd, 0xbf, 0xd3, 0x12, 0x80, 0x35, 0x8e, 0xfd, 0xab, 0x16, 0x9c, - 0xe9, 0xd1, 0x69, 0x05, 0x26, 0xbb, 0xa4, 0x5a, 0xdb, 0xf4, 0x5a, 0xd8, 0xdf, 0x0d, 0xc3, 0x4d, - 0xb2, 0xee, 0xc8, 0x10, 0x38, 0x43, 0xb7, 0xcf, 0xf2, 0x66, 0x2c, 0xe1, 0xf6, 0x7f, 0xb5, 0xe0, - 0x54, 0x56, 0xd6, 0x84, 0x6a, 0x67, 0xfe, 0x32, 0xb3, 0x5e, 0xe2, 0x86, 0x5b, 0x24, 0xde, 0xa1, - 0x6f, 0xce, 0xa5, 0x56, 0xda, 0x79, 0xba, 0x0b, 0x03, 0xf7, 0x78, 0x8a, 0x15, 0x6d, 0x6c, 0xaa, - 0xde, 0x96, 0x23, 0xf2, 0x66, 0x91, 0x23, 0x52, 0x7f, 0x4c, 0xf3, 0xb8, 0x5c, 0xb1, 0xc4, 0x26, - 0x7f, 0xfb, 0x3b, 0x15, 0x50, 0xd9, 0x70, 0x2c, 0xfe, 0xa8, 0xa0, 0xe8, 0xad, 0xcc, 0x9d, 0x47, - 0xe5, 0x01, 0xee, 0x3c, 0x92, 0x83, 0xa1, 0x72, 0xaf, 0x80, 0x00, 0xee, 0x25, 0x31, 0x5d, 0x97, - 0xea, 0x0d, 0x57, 0x35, 0x08, 0x9b, 0x78, 0x54, 0x12, 0xdf, 0xdb, 0x22, 0xfc, 0xa1, 0xa1, 0xac, - 0x24, 0x0b, 0x12, 0x80, 0x35, 0x0e, 0x95, 0xa4, 0xe9, 0xad, 0xaf, 0x8b, 0x2d, 0xbf, 0x92, 0x84, - 0xf6, 0x0e, 0x66, 0x10, 0x5e, 0x87, 0x37, 0xdc, 0x14, 0x56, 0xb0, 0x51, 0x87, 0x37, 0xdc, 0xc4, - 0x0c, 0x42, 0xed, 0xb6, 0x20, 0x8c, 0xdb, 0xec, 0x7e, 0xe6, 0xa6, 0xe2, 0x22, 0xac, 0x5f, 0x65, - 0xb7, 0x5d, 0xef, 0x46, 0xc1, 0xbd, 0x9e, 0xa3, 0x23, 0x30, 0x8a, 0x49, 0xd3, 0x73, 0x53, 0x93, - 0x1a, 0x64, 0x47, 0xe0, 0x72, 0x17, 0x06, 0xee, 0xf1, 0x14, 0x9a, 0x86, 0x53, 0x32, 0x9b, 0x51, - 0xd6, 0xaa, 0x18, 0xc9, 0xe6, 0xc6, 0xe3, 0x2c, 0x18, 0xe7, 0xf1, 0xa9, 0x56, 0x6b, 0x8b, 0x32, - 0x35, 0xcc, 0x58, 0x36, 0xb4, 0x9a, 0x2c, 0x5f, 0x83, 0x15, 0x86, 0xfd, 0xa9, 0x32, 0x5d, 0x85, - 0xfb, 0x94, 0x67, 0xba, 0x6f, 0xd1, 0x82, 0xd9, 0x11, 0x59, 0x19, 0x60, 0x44, 0xbe, 0x00, 0xa3, - 0xb7, 0x93, 0x30, 0x50, 0x91, 0x78, 0xd5, 0xbe, 0x91, 0x78, 0x06, 0x56, 0xef, 0x48, 0xbc, 0xa1, - 0xa2, 0x22, 0xf1, 0x86, 0x0f, 0x19, 0x89, 0xf7, 0xad, 0x2a, 0xa8, 0x0b, 0x01, 0xae, 0x93, 0xf4, - 0x4e, 0x18, 0x6f, 0x7a, 0x41, 0x8b, 0x65, 0x81, 0x7e, 0xdd, 0x82, 0x51, 0x3e, 0x5f, 0x16, 0xcc, - 0x4c, 0xaa, 0xf5, 0x82, 0x2a, 0xcd, 0x67, 0x98, 0x4d, 0xae, 0x1a, 0x8c, 0x72, 0xf7, 0xd8, 0x99, - 0x20, 0x9c, 0x91, 0x08, 0x7d, 0x1c, 0x40, 0xfa, 0x47, 0xd7, 0xa5, 0xca, 0x9c, 0x2f, 0x46, 0x3e, - 0x4c, 0xd6, 0xb5, 0x0d, 0xbc, 0xaa, 0x98, 0x60, 0x83, 0x21, 0xfa, 0x4c, 0xfe, 0xfe, 0xfa, 0x8f, - 0x1e, 0x4b, 0xdf, 0x0c, 0x92, 0x63, 0x86, 0x61, 0xd8, 0x0b, 0x5a, 0x74, 0x9c, 0x88, 0x88, 0xa5, - 0x77, 0xf5, 0xca, 0xa0, 0x5e, 0x08, 0x9d, 0x66, 0xc3, 0xf1, 0x9d, 0xc0, 0x25, 0xf1, 0x3c, 0x47, - 0x37, 0x6f, 0x6f, 0x65, 0x0d, 0x58, 0x12, 0xea, 0xba, 0x4a, 0xa1, 0x3a, 0xc8, 0x55, 0x0a, 0xe7, - 0x3f, 0x00, 0x63, 0x5d, 0x1f, 0xf3, 0x40, 0x29, 0x65, 0x87, 0xcf, 0x46, 0xb3, 0xff, 0xe9, 0x90, - 0x5e, 0xb4, 0xae, 0x87, 0x4d, 0x5e, 0xd0, 0x3f, 0xd6, 0x5f, 0x54, 0xd8, 0xb8, 0x05, 0x0e, 0x11, - 0xe3, 0x06, 0x58, 0xd5, 0x88, 0x4d, 0x96, 0x74, 0x8c, 0x46, 0x4e, 0x4c, 0x82, 0xe3, 0x1e, 0xa3, - 0xcb, 0x8a, 0x09, 0x36, 0x18, 0xa2, 0x8d, 0x4c, 0x4e, 0xc9, 0xe5, 0xa3, 0xe7, 0x94, 0xb0, 0xda, - 0x32, 0xbd, 0x6a, 0x70, 0x7f, 0xc9, 0x82, 0x93, 0x41, 0x66, 0xe4, 0x16, 0x13, 0x46, 0xda, 0x7b, - 0x56, 0xf0, 0xfb, 0x64, 0xb2, 0x6d, 0x38, 0xc7, 0xbf, 0xd7, 0x92, 0x56, 0x3d, 0xe0, 0x92, 0xa6, - 0x6f, 0x06, 0x19, 0xea, 0x77, 0x33, 0x08, 0x0a, 0xd4, 0xd5, 0x48, 0xc3, 0x85, 0x5f, 0x8d, 0x04, - 0x3d, 0xae, 0x45, 0xba, 0x05, 0x75, 0x37, 0x26, 0x4e, 0x7a, 0xc8, 0x5b, 0x72, 0xd8, 0x01, 0xfd, - 0x8c, 0x24, 0x80, 0x35, 0x2d, 0xfb, 0x7f, 0x57, 0xe0, 0xb4, 0xec, 0x11, 0x19, 0x82, 0x4e, 0xd7, - 0x47, 0xce, 0x57, 0x1b, 0xb7, 0x6a, 0x7d, 0xbc, 0x22, 0x01, 0x58, 0xe3, 0x50, 0x7b, 0xac, 0x93, - 0x90, 0xa5, 0x88, 0x04, 0x0b, 0xde, 0x5a, 0x22, 0xce, 0x39, 0xd5, 0x44, 0xb9, 0xa1, 0x41, 0xd8, - 0xc4, 0xa3, 0xc6, 0x38, 0xb7, 0x8b, 0x93, 0x7c, 0xfa, 0x8a, 0xb0, 0xb7, 0xb1, 0x84, 0xa3, 0x5f, - 0xe8, 0x59, 0x2f, 0xb2, 0x98, 0xc4, 0xad, 0xae, 0xc8, 0xfb, 0x03, 0x5e, 0xac, 0xf6, 0x37, 0x2c, - 0x38, 0xc7, 0x5b, 0x65, 0x4f, 0xde, 0x88, 0x9a, 0x4e, 0x4a, 0x92, 0x62, 0xea, 0x37, 0xf7, 0x90, - 0x4f, 0x3b, 0x79, 0x7b, 0xb1, 0xc5, 0xbd, 0xa5, 0x41, 0x5f, 0xb4, 0xe0, 0xd4, 0x66, 0x26, 0xd3, - 0x5f, 0x2e, 0x1d, 0x47, 0xac, 0x49, 0x93, 0x2d, 0x1f, 0xa0, 0xa7, 0x5a, 0xb6, 0x3d, 0xc1, 0x79, - 0xee, 0xf6, 0x9f, 0x58, 0x60, 0xaa, 0xd1, 0xc1, 0x2c, 0x40, 0xe3, 0x2a, 0xdb, 0xd2, 0x3e, 0x57, - 0xd9, 0x4a, 0x63, 0xb1, 0x3c, 0xd8, 0xe6, 0xa4, 0x72, 0x80, 0xcd, 0x49, 0xb5, 0xaf, 0x75, 0xf9, - 0x04, 0x94, 0x3b, 0x5e, 0x53, 0xec, 0x2f, 0xf4, 0xe9, 0xeb, 0xfc, 0x2c, 0xa6, 0xed, 0xf6, 0x3f, - 0xaa, 0x6a, 0xbf, 0x85, 0xc8, 0x8b, 0xfa, 0xbe, 0x78, 0xed, 0x75, 0x55, 0x62, 0x88, 0xbf, 0xf9, - 0xf5, 0xae, 0x12, 0x43, 0x3f, 0x72, 0xf0, 0xb4, 0x37, 0xde, 0x41, 0xfd, 0x2a, 0x0c, 0x0d, 0xef, - 0x93, 0xf3, 0x76, 0x1b, 0x6a, 0x74, 0x0b, 0xc6, 0x1c, 0x90, 0xb5, 0x8c, 0x50, 0xb5, 0x2b, 0xa2, - 0xfd, 0xee, 0xee, 0xc4, 0x0f, 0x1f, 0x5c, 0x2c, 0xf9, 0x34, 0x56, 0xf4, 0x51, 0x02, 0x75, 0xfa, - 0x9b, 0xa5, 0xe7, 0x89, 0xcd, 0xdd, 0x0d, 0xa5, 0x33, 0x25, 0xa0, 0x90, 0xdc, 0x3f, 0xcd, 0x07, - 0x05, 0x50, 0x67, 0x77, 0x50, 0x32, 0xa6, 0x7c, 0x0f, 0xb8, 0xac, 0x92, 0xe4, 0x24, 0xe0, 0xee, - 0xee, 0xc4, 0xcb, 0x07, 0x67, 0xaa, 0x1e, 0xc7, 0x9a, 0x85, 0xfd, 0xe5, 0x8a, 0x1e, 0xbb, 0xa2, - 0xb2, 0xd4, 0xf7, 0xc5, 0xd8, 0x7d, 0x29, 0x37, 0x76, 0x2f, 0x74, 0x8d, 0xdd, 0x93, 0xfa, 0xae, - 0xc4, 0xcc, 0x68, 0xbc, 0xdf, 0x86, 0xc0, 0xfe, 0xfe, 0x06, 0x66, 0x01, 0xbd, 0xd1, 0xf1, 0x62, - 0x92, 0x2c, 0xc7, 0x9d, 0xc0, 0x0b, 0x5a, 0xe2, 0x0e, 0x7c, 0xc3, 0x02, 0xca, 0x80, 0x71, 0x1e, - 0x9f, 0xdd, 0x9f, 0xbf, 0x13, 0xb8, 0xb7, 0x9c, 0x2d, 0x3e, 0xaa, 0x8c, 0x62, 0x3b, 0x2b, 0xa2, - 0x1d, 0x2b, 0x0c, 0xfb, 0x2d, 0x76, 0x96, 0x6d, 0xe4, 0x05, 0xd3, 0x31, 0xe1, 0xb3, 0x4b, 0x3f, - 0x79, 0xa5, 0x1e, 0x35, 0x26, 0xf8, 0x4d, 0x9f, 0x1c, 0x86, 0xee, 0xc0, 0xf0, 0x1a, 0xbf, 0xf5, - 0xaa, 0x98, 0xaa, 0xc4, 0xe2, 0x0a, 0x2d, 0x76, 0xb7, 0x81, 0xbc, 0x4f, 0xeb, 0xae, 0xfe, 0x89, - 0x25, 0x37, 0xfb, 0x9b, 0x15, 0x38, 0x95, 0xbb, 0x16, 0x32, 0x53, 0x23, 0xb1, 0xb4, 0x6f, 0x8d, - 0xc4, 0x8f, 0x00, 0x34, 0x49, 0xe4, 0x87, 0x3b, 0xcc, 0x1c, 0xab, 0x1c, 0xd8, 0x1c, 0x53, 0x16, - 0xfc, 0xac, 0xa2, 0x82, 0x0d, 0x8a, 0xa2, 0x3c, 0x11, 0x2f, 0xb9, 0x98, 0x2b, 0x4f, 0x64, 0xd4, - 0x2e, 0x1f, 0xba, 0xbf, 0xb5, 0xcb, 0x3d, 0x38, 0xc5, 0x45, 0x54, 0xd9, 0xb7, 0x87, 0x48, 0xb2, - 0x65, 0xf9, 0x0b, 0xb3, 0x59, 0x32, 0x38, 0x4f, 0xf7, 0x41, 0xde, 0xfa, 0x8a, 0xde, 0x03, 0x75, - 0xf9, 0x9d, 0x93, 0xf1, 0xba, 0xae, 0x60, 0x20, 0x87, 0x01, 0xbb, 0x8d, 0x55, 0xfc, 0xb4, 0xbf, - 0x50, 0xa2, 0xd6, 0x33, 0xff, 0xa7, 0x2a, 0xd1, 0x3c, 0x0d, 0x43, 0x4e, 0x27, 0xdd, 0x08, 0xbb, - 0x6e, 0xce, 0x9a, 0x66, 0xad, 0x58, 0x40, 0xd1, 0x02, 0x54, 0x9a, 0xba, 0xba, 0xc8, 0x41, 0x7a, - 0x51, 0x3b, 0x22, 0x9d, 0x94, 0x60, 0x46, 0x05, 0x3d, 0x0e, 0x95, 0xd4, 0x69, 0xc9, 0x44, 0x27, - 0x96, 0xdc, 0xba, 0xea, 0xb4, 0x12, 0xcc, 0x5a, 0xcd, 0x45, 0xb3, 0xb2, 0xcf, 0xa2, 0xf9, 0x32, - 0x9c, 0x48, 0xbc, 0x56, 0xe0, 0xa4, 0x9d, 0x98, 0x18, 0x87, 0x6b, 0x3a, 0x5e, 0xc2, 0x04, 0xe2, - 0x2c, 0xae, 0xfd, 0x9b, 0xa3, 0x70, 0x76, 0x65, 0x66, 0x51, 0x56, 0xca, 0x3d, 0xb6, 0x5c, 0xa5, - 0x5e, 0x3c, 0xee, 0x5f, 0xae, 0x52, 0x1f, 0xee, 0xbe, 0x91, 0xab, 0xe4, 0x1b, 0xb9, 0x4a, 0xd9, - 0xc4, 0x91, 0x72, 0x11, 0x89, 0x23, 0xbd, 0x24, 0x18, 0x24, 0x71, 0xe4, 0xd8, 0x92, 0x97, 0xee, - 0x29, 0xd0, 0x81, 0x92, 0x97, 0x54, 0x66, 0x57, 0x21, 0x21, 0xfd, 0x7d, 0x3e, 0x55, 0xcf, 0xcc, - 0x2e, 0x95, 0x55, 0xc3, 0xd3, 0x55, 0x84, 0x82, 0x7d, 0xad, 0x78, 0x01, 0x06, 0xc8, 0xaa, 0x11, - 0x19, 0x33, 0x66, 0x26, 0xd7, 0x70, 0x11, 0x99, 0x5c, 0xbd, 0xc4, 0xd9, 0x37, 0x93, 0xeb, 0x65, - 0x38, 0xe1, 0xfa, 0x61, 0x40, 0x96, 0xe3, 0x30, 0x0d, 0xdd, 0xd0, 0x17, 0xc6, 0xb4, 0x52, 0x09, - 0x33, 0x26, 0x10, 0x67, 0x71, 0xfb, 0xa5, 0x81, 0xd5, 0x8f, 0x9a, 0x06, 0x06, 0x0f, 0x28, 0x0d, - 0xec, 0x67, 0x75, 0xc2, 0xf2, 0x08, 0xfb, 0x22, 0x1f, 0x29, 0xfe, 0x8b, 0x0c, 0x92, 0xb5, 0x8c, - 0xbe, 0xca, 0xaf, 0xae, 0xa2, 0xe6, 0xe8, 0x4c, 0xd8, 0xa6, 0xe6, 0xd6, 0x28, 0xeb, 0x92, 0xd7, - 0x8f, 0x61, 0xc0, 0xde, 0x5a, 0xd1, 0x6c, 0xd4, 0x75, 0x56, 0xba, 0x09, 0x67, 0x05, 0x39, 0x4a, - 0x42, 0xf5, 0xd7, 0x4a, 0xf0, 0x03, 0xfb, 0x8a, 0x80, 0xee, 0x00, 0xa4, 0x4e, 0x4b, 0x0c, 0x54, - 0x71, 0x4c, 0x71, 0xc4, 0xa0, 0xc6, 0x55, 0x49, 0x8f, 0x57, 0x02, 0x51, 0x7f, 0xd9, 0x01, 0x80, - 0xfc, 0xcd, 0x62, 0x19, 0x43, 0xbf, 0xab, 0xea, 0x21, 0x0e, 0x7d, 0x82, 0x19, 0x84, 0x2e, 0xff, - 0x31, 0x69, 0xe9, 0xbb, 0x56, 0xd5, 0xe7, 0xc3, 0xac, 0x15, 0x0b, 0x28, 0x7a, 0x11, 0x46, 0x1c, - 0xdf, 0xe7, 0x59, 0x29, 0x24, 0x11, 0x77, 0x57, 0xe8, 0xca, 0x6d, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, - 0x8f, 0x4b, 0x30, 0xb1, 0x8f, 0x4e, 0xe9, 0xca, 0xb3, 0xab, 0x0e, 0x9c, 0x67, 0x27, 0x32, 0x03, - 0x86, 0xfa, 0x64, 0x06, 0xbc, 0x08, 0x23, 0x29, 0x71, 0xda, 0x22, 0x0c, 0x4a, 0xec, 0xbf, 0xf5, - 0xb9, 0xab, 0x06, 0x61, 0x13, 0x8f, 0x6a, 0xb1, 0x93, 0x8e, 0xeb, 0x92, 0x24, 0x91, 0xa1, 0xff, - 0xc2, 0x87, 0x59, 0x58, 0x5e, 0x01, 0x73, 0x0d, 0x4f, 0x67, 0x58, 0xe0, 0x1c, 0xcb, 0x7c, 0x87, - 0xd7, 0x07, 0xec, 0xf0, 0x6f, 0x94, 0xe0, 0x89, 0x7b, 0xae, 0x6e, 0x03, 0x67, 0x65, 0x74, 0x12, - 0x12, 0xe7, 0x07, 0xce, 0x8d, 0x84, 0xc4, 0x98, 0x41, 0x78, 0x2f, 0x45, 0x91, 0x71, 0x97, 0x6d, - 0xd1, 0x29, 0x43, 0xbc, 0x97, 0x32, 0x2c, 0x70, 0x8e, 0xe5, 0x61, 0x87, 0xe5, 0xdf, 0x29, 0xc1, - 0x53, 0x03, 0xd8, 0x00, 0x05, 0xa6, 0x56, 0x65, 0x13, 0xdc, 0xca, 0x0f, 0x28, 0x0f, 0xf1, 0x90, - 0xdd, 0xf5, 0x56, 0x09, 0xce, 0xf7, 0x5f, 0x8a, 0xd1, 0x8f, 0xd2, 0x3d, 0xbc, 0x8c, 0x7d, 0x32, - 0x73, 0xe3, 0xce, 0xf0, 0xfd, 0x7b, 0x06, 0x84, 0xf3, 0xb8, 0x68, 0x12, 0x20, 0x72, 0xd2, 0x8d, - 0xe4, 0xd2, 0xb6, 0x97, 0xa4, 0xa2, 0xf6, 0xcb, 0x49, 0x7e, 0x62, 0x24, 0x5b, 0xb1, 0x81, 0x41, - 0xd9, 0xb1, 0x7f, 0xb3, 0xe1, 0xf5, 0x30, 0xe5, 0x0f, 0xf1, 0x6d, 0xc4, 0x19, 0x59, 0x1f, 0xdf, - 0x00, 0xe1, 0x3c, 0x2e, 0x65, 0xc7, 0xce, 0x24, 0xb9, 0xa0, 0x7c, 0x7f, 0xc1, 0xd8, 0x2d, 0xa8, - 0x56, 0x6c, 0x60, 0xe4, 0xb3, 0xfe, 0xaa, 0xfb, 0x67, 0xfd, 0xd9, 0xff, 0xb0, 0x04, 0x8f, 0xf5, - 0x35, 0xe5, 0x06, 0x9b, 0x80, 0x0f, 0x5f, 0xa6, 0xde, 0xe1, 0xc6, 0xce, 0x01, 0x33, 0xca, 0xfe, - 0xb0, 0xcf, 0x48, 0x13, 0x19, 0x65, 0x87, 0x4f, 0xc9, 0x7e, 0xf8, 0xfa, 0xb3, 0x2b, 0x89, 0xac, - 0x72, 0x80, 0x24, 0xb2, 0xdc, 0xc7, 0xa8, 0x0e, 0x38, 0x91, 0xff, 0x6f, 0xff, 0xee, 0xa5, 0x5b, - 0xbf, 0x81, 0xbc, 0xa3, 0xb3, 0x70, 0xda, 0x0b, 0xd8, 0x5d, 0x29, 0x2b, 0x9d, 0x35, 0x51, 0x0e, - 0xa4, 0x94, 0xbd, 0xa9, 0x78, 0x3e, 0x07, 0xc7, 0x5d, 0x4f, 0x3c, 0x84, 0x49, 0x7d, 0x87, 0xeb, - 0xd2, 0x03, 0xa6, 0x95, 0x7e, 0x04, 0xea, 0x4a, 0x12, 0x1e, 0xd6, 0xac, 0x3e, 0x7f, 0x57, 0x58, - 0xb3, 0xfa, 0xf6, 0x06, 0x16, 0xed, 0x37, 0x6a, 0x9c, 0xe6, 0xc6, 0xf1, 0x35, 0xb2, 0xc3, 0x2c, - 0x55, 0xfb, 0xbd, 0x30, 0xaa, 0x3c, 0x1e, 0x83, 0x5e, 0x9f, 0x61, 0x7f, 0x79, 0x08, 0x4e, 0x64, - 0x8a, 0xe3, 0x65, 0x1c, 0x8c, 0xd6, 0xbe, 0x0e, 0x46, 0x16, 0xa6, 0xde, 0x09, 0xe4, 0xdd, 0x3a, - 0x46, 0x98, 0x7a, 0x27, 0x20, 0x98, 0xc3, 0xa8, 0xa1, 0xd9, 0x8c, 0x77, 0x70, 0x27, 0x10, 0xe1, - 0xa4, 0xca, 0xd0, 0x9c, 0x65, 0xad, 0x58, 0x40, 0xd1, 0x27, 0x2d, 0x18, 0x4d, 0x98, 0xf7, 0x9a, - 0xbb, 0x67, 0xc5, 0xe7, 0xbf, 0x7a, 0xf4, 0xda, 0x7f, 0xaa, 0x10, 0x24, 0x8b, 0x10, 0x31, 0x5b, - 0x70, 0x86, 0x23, 0xfa, 0x69, 0x0b, 0xea, 0xea, 0x0a, 0x00, 0x71, 0x01, 0xd6, 0x4a, 0xb1, 0xb5, - 0x07, 0xb9, 0x5f, 0x4f, 0x1d, 0x04, 0xe8, 0x3b, 0xbd, 0x35, 0x63, 0x94, 0x28, 0xdf, 0xe9, 0xf0, - 0xf1, 0xf8, 0x4e, 0xa1, 0x87, 0xdf, 0xf4, 0x3d, 0x50, 0x6f, 0x3b, 0x81, 0xb7, 0x4e, 0x92, 0x94, - 0xbb, 0x33, 0x65, 0x49, 0x54, 0xd9, 0x88, 0x35, 0x9c, 0x2e, 0x8d, 0x09, 0x7b, 0xb1, 0xd4, 0xf0, - 0x3f, 0xb2, 0xa5, 0x71, 0x45, 0x37, 0x63, 0x13, 0xc7, 0x74, 0x96, 0xc2, 0x03, 0x75, 0x96, 0x8e, - 0xec, 0xe3, 0x2c, 0xfd, 0x7b, 0x16, 0x9c, 0xeb, 0xf9, 0xd5, 0x1e, 0xde, 0xc0, 0x3f, 0xfb, 0x2b, - 0x55, 0x38, 0xd3, 0xa3, 0xca, 0x25, 0xda, 0x31, 0xc7, 0xb3, 0x55, 0xc4, 0x19, 0x7a, 0xf6, 0x48, - 0x58, 0x76, 0x63, 0x8f, 0x41, 0x7c, 0xb0, 0xa3, 0x0a, 0x7d, 0x5c, 0x50, 0xbe, 0xbf, 0xc7, 0x05, - 0xc6, 0xb0, 0xac, 0x3c, 0xd0, 0x61, 0x59, 0xbd, 0xf7, 0xb0, 0x44, 0xbf, 0x66, 0xc1, 0x78, 0xbb, - 0x4f, 0x69, 0x75, 0xe1, 0x02, 0xbc, 0x79, 0x3c, 0x85, 0xdb, 0x1b, 0x8f, 0xef, 0xed, 0x4e, 0xf4, - 0xad, 0x68, 0x8f, 0xfb, 0x4a, 0x65, 0x7f, 0xa7, 0x0c, 0xac, 0xc4, 0x2a, 0xab, 0x64, 0xb6, 0x83, - 0x3e, 0x61, 0x16, 0xcb, 0xb5, 0x8a, 0x2a, 0xec, 0xca, 0x89, 0xab, 0x62, 0xbb, 0xbc, 0x07, 0x7b, - 0xd5, 0xde, 0xcd, 0x2b, 0xad, 0xd2, 0x00, 0x4a, 0xcb, 0x97, 0x55, 0x89, 0xcb, 0xc5, 0x57, 0x25, - 0xae, 0xe7, 0x2b, 0x12, 0xdf, 0xfb, 0x13, 0x57, 0x1e, 0xca, 0x4f, 0xfc, 0xd7, 0x2c, 0xae, 0x78, - 0x72, 0x5f, 0x41, 0x5b, 0x06, 0xd6, 0x3d, 0x2c, 0x83, 0x67, 0xd9, 0xed, 0xec, 0xeb, 0x57, 0x88, - 0xe3, 0x0b, 0x0b, 0xc2, 0xbc, 0x68, 0x9d, 0xb5, 0x63, 0x85, 0xc1, 0x2e, 0x2b, 0xf4, 0xfd, 0xf0, - 0xce, 0xa5, 0x76, 0x94, 0xee, 0x08, 0x5b, 0x42, 0x5f, 0x56, 0xa8, 0x20, 0xd8, 0xc0, 0xb2, 0xff, - 0x7a, 0x89, 0x8f, 0x40, 0x11, 0x04, 0xf0, 0x52, 0xee, 0x7a, 0xa9, 0xc1, 0xcf, 0xcf, 0x3f, 0x06, - 0xe0, 0xaa, 0x8b, 0x99, 0xc5, 0xe9, 0xcc, 0x95, 0x23, 0xdf, 0x1a, 0x2b, 0xe8, 0xe9, 0xd7, 0xd0, - 0x6d, 0xd8, 0xe0, 0x97, 0xd1, 0xa5, 0xe5, 0x7d, 0x75, 0x69, 0x46, 0xad, 0x54, 0xf6, 0x59, 0xed, - 0xfe, 0xd8, 0x82, 0x8c, 0x45, 0x84, 0x22, 0xa8, 0x52, 0x71, 0x77, 0x8a, 0xb9, 0x73, 0xda, 0x24, - 0x4d, 0x55, 0xa3, 0x18, 0xf6, 0xec, 0x27, 0xe6, 0x8c, 0x90, 0x2f, 0x62, 0x05, 0x4a, 0x45, 0xdc, - 0x8b, 0x6e, 0x32, 0xbc, 0x12, 0x86, 0x9b, 0xfc, 0x88, 0x51, 0xc7, 0x1d, 0xd8, 0x2f, 0xc1, 0x58, - 0x97, 0x50, 0xec, 0x26, 0x99, 0x50, 0x5e, 0xb4, 0x6d, 0x0c, 0x57, 0x96, 0xc0, 0x88, 0x39, 0xcc, - 0x7e, 0xcb, 0x82, 0xd3, 0x79, 0xf2, 0xe8, 0xab, 0x16, 0x8c, 0x25, 0x79, 0x7a, 0xc7, 0xd5, 0x77, - 0x2a, 0xde, 0xaf, 0x0b, 0x84, 0xbb, 0x85, 0xb0, 0xff, 0x8f, 0x18, 0xfc, 0xb7, 0xbc, 0xa0, 0x19, - 0xde, 0x51, 0x86, 0x89, 0xd5, 0xd7, 0x30, 0xa1, 0xf3, 0xd1, 0xdd, 0x20, 0xcd, 0x8e, 0xdf, 0x95, - 0x39, 0xb9, 0x22, 0xda, 0xb1, 0xc2, 0x60, 0x89, 0x62, 0x1d, 0x51, 0xb6, 0x3c, 0x37, 0x28, 0x67, - 0x45, 0x3b, 0x56, 0x18, 0xe8, 0x05, 0x18, 0x35, 0x2f, 0x93, 0x17, 0xe3, 0x92, 0x19, 0xe4, 0xe6, - 0xbd, 0xf3, 0x38, 0x83, 0x85, 0x26, 0x01, 0x94, 0x91, 0x23, 0x97, 0x48, 0xe6, 0xb2, 0x51, 0x9a, - 0x28, 0xc1, 0x06, 0x06, 0x4b, 0xcb, 0xe4, 0x37, 0xb6, 0xcb, 0xa8, 0x58, 0x9e, 0x96, 0x29, 0xda, - 0xb0, 0x82, 0x52, 0x6d, 0xd2, 0x76, 0x82, 0x8e, 0xe3, 0xd3, 0x1e, 0x12, 0xb9, 0xe4, 0x6a, 0x1a, - 0x2e, 0x2a, 0x08, 0x36, 0xb0, 0xe8, 0x1b, 0xa7, 0x5e, 0x9b, 0xbc, 0x1a, 0x06, 0x32, 0x4e, 0x4b, - 0x1f, 0xc0, 0x88, 0x76, 0xac, 0x30, 0xec, 0xff, 0x6c, 0xc1, 0x29, 0x9d, 0xe4, 0xcd, 0xef, 0x8c, - 0x35, 0xf7, 0x8c, 0xd6, 0xbe, 0xf9, 0xeb, 0xd9, 0xec, 0xd7, 0xd2, 0x40, 0xd9, 0xaf, 0x66, 0x62, - 0x6a, 0xf9, 0x9e, 0x89, 0xa9, 0x3f, 0xa8, 0xef, 0x23, 0xe4, 0x19, 0xac, 0x23, 0xbd, 0xee, 0x22, - 0x44, 0x36, 0x0c, 0xb9, 0x8e, 0xaa, 0x70, 0x32, 0xca, 0xf7, 0x0e, 0x33, 0xd3, 0x0c, 0x49, 0x40, - 0xec, 0x25, 0xa8, 0xab, 0x73, 0x08, 0xb9, 0x51, 0xb5, 0x7a, 0x6f, 0x54, 0x07, 0x4a, 0x90, 0x6b, - 0xac, 0x7d, 0xf3, 0xbb, 0x4f, 0xbe, 0xe3, 0x77, 0xbf, 0xfb, 0xe4, 0x3b, 0xfe, 0xe0, 0xbb, 0x4f, - 0xbe, 0xe3, 0x93, 0x7b, 0x4f, 0x5a, 0xdf, 0xdc, 0x7b, 0xd2, 0xfa, 0xdd, 0xbd, 0x27, 0xad, 0x3f, - 0xd8, 0x7b, 0xd2, 0xfa, 0xce, 0xde, 0x93, 0xd6, 0x97, 0xfe, 0xc3, 0x93, 0xef, 0x78, 0xb5, 0x67, - 0xa0, 0x1e, 0xfd, 0xf1, 0x9c, 0xdb, 0x9c, 0xda, 0xba, 0xc8, 0x62, 0xc5, 0xe8, 0xf4, 0x9a, 0x32, - 0xc6, 0xd4, 0x94, 0x9c, 0x5e, 0xff, 0x3f, 0x00, 0x00, 0xff, 0xff, 0xc3, 0xee, 0x24, 0x07, 0x84, - 0xd9, 0x00, 0x00, + // 10639 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x7d, 0x70, 0x1c, 0xc9, + 0x75, 0x18, 0xae, 0xd9, 0x0f, 0x60, 0xf7, 0x01, 0xfc, 0x40, 0x93, 0xbc, 0x03, 0xa9, 0xbb, 0x03, + 0x3d, 0x57, 0x3e, 0x9f, 0x7e, 0xba, 0x03, 0x7c, 0xd4, 0x9d, 0x7e, 0x17, 0x9f, 0x2d, 0x19, 0x0b, + 0x90, 0x20, 0x48, 0x80, 0xc0, 0x35, 0x40, 0x52, 0x3a, 0xf9, 0x74, 0x1a, 0xcc, 0x36, 0x16, 0x43, + 0xcc, 0xce, 0xec, 0xcd, 0xcc, 0x82, 0xc0, 0x59, 0x92, 0x25, 0xcb, 0x1f, 0x4a, 0xf4, 0x19, 0x29, + 0x29, 0xcb, 0x49, 0xe4, 0xc8, 0x96, 0x93, 0x8a, 0x2b, 0x51, 0xc5, 0x49, 0xfe, 0x88, 0x13, 0x27, + 0xe5, 0xb2, 0x9d, 0x3f, 0x94, 0x52, 0x52, 0x76, 0xa5, 0x5c, 0x96, 0x93, 0xd8, 0x88, 0x84, 0x54, + 0x2a, 0xa9, 0x54, 0xc5, 0x55, 0x4e, 0xf2, 0x47, 0xc2, 0xa4, 0x2a, 0xa9, 0xfe, 0xee, 0x99, 0x9d, + 0x25, 0x16, 0xc0, 0x80, 0xa4, 0x94, 0xfb, 0x6f, 0xb7, 0xdf, 0x9b, 0xf7, 0x7a, 0x7a, 0xba, 0x5f, + 0xbf, 0xf7, 0xfa, 0xbd, 0xd7, 0xb0, 0xd0, 0xf2, 0x92, 0x8d, 0xee, 0xda, 0xa4, 0x1b, 0xb6, 0xa7, + 0x9c, 0xa8, 0x15, 0x76, 0xa2, 0xf0, 0x0e, 0xfb, 0xf1, 0xbc, 0xdb, 0x9c, 0xda, 0xba, 0x34, 0xd5, + 0xd9, 0x6c, 0x4d, 0x39, 0x1d, 0x2f, 0x9e, 0x72, 0x3a, 0x1d, 0xdf, 0x73, 0x9d, 0xc4, 0x0b, 0x83, + 0xa9, 0xad, 0x17, 0x1c, 0xbf, 0xb3, 0xe1, 0xbc, 0x30, 0xd5, 0x22, 0x01, 0x89, 0x9c, 0x84, 0x34, + 0x27, 0x3b, 0x51, 0x98, 0x84, 0xe8, 0x47, 0x35, 0xb5, 0x49, 0x49, 0x8d, 0xfd, 0x78, 0xc3, 0x6d, + 0x4e, 0x6e, 0x5d, 0x9a, 0xec, 0x6c, 0xb6, 0x26, 0x29, 0xb5, 0x49, 0x83, 0xda, 0xa4, 0xa4, 0x76, + 0xe1, 0x79, 0xa3, 0x2f, 0xad, 0xb0, 0x15, 0x4e, 0x31, 0xa2, 0x6b, 0xdd, 0x75, 0xf6, 0x8f, 0xfd, + 0x61, 0xbf, 0x38, 0xb3, 0x0b, 0xf6, 0xe6, 0xcb, 0xf1, 0xa4, 0x17, 0xd2, 0xee, 0x4d, 0xb9, 0x61, + 0x44, 0xa6, 0xb6, 0x7a, 0x3a, 0x74, 0xe1, 0xaa, 0xc6, 0x21, 0xdb, 0x09, 0x09, 0x62, 0x2f, 0x0c, + 0xe2, 0xe7, 0x69, 0x17, 0x48, 0xb4, 0x45, 0x22, 0xf3, 0xf5, 0x0c, 0x84, 0x3c, 0x4a, 0x2f, 0x6a, + 0x4a, 0x6d, 0xc7, 0xdd, 0xf0, 0x02, 0x12, 0xed, 0xe8, 0xc7, 0xdb, 0x24, 0x71, 0xf2, 0x9e, 0x9a, + 0xea, 0xf7, 0x54, 0xd4, 0x0d, 0x12, 0xaf, 0x4d, 0x7a, 0x1e, 0x78, 0xef, 0x7e, 0x0f, 0xc4, 0xee, + 0x06, 0x69, 0x3b, 0x3d, 0xcf, 0xbd, 0xa7, 0xdf, 0x73, 0xdd, 0xc4, 0xf3, 0xa7, 0xbc, 0x20, 0x89, + 0x93, 0x28, 0xfb, 0x90, 0xfd, 0x26, 0x9c, 0x98, 0xbe, 0xbd, 0x32, 0xdd, 0x4d, 0x36, 0x66, 0xc2, + 0x60, 0xdd, 0x6b, 0xa1, 0x97, 0x60, 0xc4, 0xf5, 0xbb, 0x71, 0x42, 0xa2, 0x1b, 0x4e, 0x9b, 0x8c, + 0x5b, 0x17, 0xad, 0x67, 0xeb, 0x8d, 0x33, 0xdf, 0xdc, 0x9d, 0x78, 0xc7, 0xde, 0xee, 0xc4, 0xc8, + 0x8c, 0x06, 0x61, 0x13, 0x0f, 0xbd, 0x0b, 0x86, 0xa3, 0xd0, 0x27, 0xd3, 0xf8, 0xc6, 0x78, 0x89, + 0x3d, 0x72, 0x4a, 0x3c, 0x32, 0x8c, 0x79, 0x33, 0x96, 0x70, 0xfb, 0x0f, 0x4b, 0x00, 0xd3, 0x9d, + 0xce, 0x72, 0x14, 0xde, 0x21, 0x6e, 0x82, 0x3e, 0x02, 0x35, 0x3a, 0x74, 0x4d, 0x27, 0x71, 0x18, + 0xb7, 0x91, 0x4b, 0x3f, 0x3c, 0xc9, 0xdf, 0x64, 0xd2, 0x7c, 0x13, 0x3d, 0x71, 0x28, 0xf6, 0xe4, + 0xd6, 0x0b, 0x93, 0x4b, 0x6b, 0xf4, 0xf9, 0x45, 0x92, 0x38, 0x0d, 0x24, 0x98, 0x81, 0x6e, 0xc3, + 0x8a, 0x2a, 0x0a, 0xa0, 0x12, 0x77, 0x88, 0xcb, 0x3a, 0x36, 0x72, 0x69, 0x61, 0xf2, 0x28, 0x33, + 0x74, 0x52, 0xf7, 0x7c, 0xa5, 0x43, 0xdc, 0xc6, 0xa8, 0xe0, 0x5c, 0xa1, 0xff, 0x30, 0xe3, 0x83, + 0xb6, 0x60, 0x28, 0x4e, 0x9c, 0xa4, 0x1b, 0x8f, 0x97, 0x19, 0xc7, 0x1b, 0x85, 0x71, 0x64, 0x54, + 0x1b, 0x27, 0x05, 0xcf, 0x21, 0xfe, 0x1f, 0x0b, 0x6e, 0xf6, 0x9f, 0x58, 0x70, 0x52, 0x23, 0x2f, + 0x78, 0x71, 0x82, 0x7e, 0xa2, 0x67, 0x70, 0x27, 0x07, 0x1b, 0x5c, 0xfa, 0x34, 0x1b, 0xda, 0xd3, + 0x82, 0x59, 0x4d, 0xb6, 0x18, 0x03, 0xdb, 0x86, 0xaa, 0x97, 0x90, 0x76, 0x3c, 0x5e, 0xba, 0x58, + 0x7e, 0x76, 0xe4, 0xd2, 0xd5, 0xa2, 0xde, 0xb3, 0x71, 0x42, 0x30, 0xad, 0xce, 0x53, 0xf2, 0x98, + 0x73, 0xb1, 0x7f, 0x6d, 0xd4, 0x7c, 0x3f, 0x3a, 0xe0, 0xe8, 0x05, 0x18, 0x89, 0xc3, 0x6e, 0xe4, + 0x12, 0x4c, 0x3a, 0x61, 0x3c, 0x6e, 0x5d, 0x2c, 0xd3, 0xa9, 0x47, 0x67, 0xea, 0x8a, 0x6e, 0xc6, + 0x26, 0x0e, 0xfa, 0xbc, 0x05, 0xa3, 0x4d, 0x12, 0x27, 0x5e, 0xc0, 0xf8, 0xcb, 0xce, 0xaf, 0x1e, + 0xb9, 0xf3, 0xb2, 0x71, 0x56, 0x13, 0x6f, 0x9c, 0x15, 0x2f, 0x32, 0x6a, 0x34, 0xc6, 0x38, 0xc5, + 0x9f, 0xae, 0xb8, 0x26, 0x89, 0xdd, 0xc8, 0xeb, 0xd0, 0xff, 0x6c, 0xce, 0x18, 0x2b, 0x6e, 0x56, + 0x83, 0xb0, 0x89, 0x87, 0x02, 0xa8, 0xd2, 0x15, 0x15, 0x8f, 0x57, 0x58, 0xff, 0xe7, 0x8f, 0xd6, + 0x7f, 0x31, 0xa8, 0x74, 0xb1, 0xea, 0xd1, 0xa7, 0xff, 0x62, 0xcc, 0xd9, 0xa0, 0xcf, 0x59, 0x30, + 0x2e, 0x56, 0x3c, 0x26, 0x7c, 0x40, 0x6f, 0x6f, 0x78, 0x09, 0xf1, 0xbd, 0x38, 0x19, 0xaf, 0xb2, + 0x3e, 0x4c, 0x0d, 0x36, 0xb7, 0xe6, 0xa2, 0xb0, 0xdb, 0xb9, 0xee, 0x05, 0xcd, 0xc6, 0x45, 0xc1, + 0x69, 0x7c, 0xa6, 0x0f, 0x61, 0xdc, 0x97, 0x25, 0xfa, 0xb2, 0x05, 0x17, 0x02, 0xa7, 0x4d, 0xe2, + 0x8e, 0x43, 0x3f, 0x2d, 0x07, 0x37, 0x7c, 0xc7, 0xdd, 0x64, 0x3d, 0x1a, 0x3a, 0x5c, 0x8f, 0x6c, + 0xd1, 0xa3, 0x0b, 0x37, 0xfa, 0x92, 0xc6, 0xf7, 0x61, 0x8b, 0xbe, 0x6e, 0xc1, 0x58, 0x18, 0x75, + 0x36, 0x9c, 0x80, 0x34, 0x25, 0x34, 0x1e, 0x1f, 0x66, 0x4b, 0xef, 0xc3, 0x47, 0xfb, 0x44, 0x4b, + 0x59, 0xb2, 0x8b, 0x61, 0xe0, 0x25, 0x61, 0xb4, 0x42, 0x92, 0xc4, 0x0b, 0x5a, 0x71, 0xe3, 0xdc, + 0xde, 0xee, 0xc4, 0x58, 0x0f, 0x16, 0xee, 0xed, 0x0f, 0xfa, 0x49, 0x18, 0x89, 0x77, 0x02, 0xf7, + 0xb6, 0x17, 0x34, 0xc3, 0xbb, 0xf1, 0x78, 0xad, 0x88, 0xe5, 0xbb, 0xa2, 0x08, 0x8a, 0x05, 0xa8, + 0x19, 0x60, 0x93, 0x5b, 0xfe, 0x87, 0xd3, 0x53, 0xa9, 0x5e, 0xf4, 0x87, 0xd3, 0x93, 0xe9, 0x3e, + 0x6c, 0xd1, 0xcf, 0x5b, 0x70, 0x22, 0xf6, 0x5a, 0x81, 0x93, 0x74, 0x23, 0x72, 0x9d, 0xec, 0xc4, + 0xe3, 0xc0, 0x3a, 0x72, 0xed, 0x88, 0xa3, 0x62, 0x90, 0x6c, 0x9c, 0x13, 0x7d, 0x3c, 0x61, 0xb6, + 0xc6, 0x38, 0xcd, 0x37, 0x6f, 0xa1, 0xe9, 0x69, 0x3d, 0x52, 0xec, 0x42, 0xd3, 0x93, 0xba, 0x2f, + 0x4b, 0xf4, 0xe3, 0x70, 0x9a, 0x37, 0xa9, 0x91, 0x8d, 0xc7, 0x47, 0x99, 0xa0, 0x3d, 0xbb, 0xb7, + 0x3b, 0x71, 0x7a, 0x25, 0x03, 0xc3, 0x3d, 0xd8, 0xe8, 0x4d, 0x98, 0xe8, 0x90, 0xa8, 0xed, 0x25, + 0x4b, 0x81, 0xbf, 0x23, 0xc5, 0xb7, 0x1b, 0x76, 0x48, 0x53, 0x74, 0x27, 0x1e, 0x3f, 0x71, 0xd1, + 0x7a, 0xb6, 0xd6, 0xf8, 0x21, 0xd1, 0xcd, 0x89, 0xe5, 0xfb, 0xa3, 0xe3, 0xfd, 0xe8, 0xd9, 0xff, + 0xbc, 0x04, 0xa7, 0xb3, 0x1b, 0x27, 0xfa, 0x9b, 0x16, 0x9c, 0xba, 0x73, 0x37, 0x59, 0x0d, 0x37, + 0x49, 0x10, 0x37, 0x76, 0xa8, 0x78, 0x63, 0x5b, 0xc6, 0xc8, 0x25, 0xb7, 0xd8, 0x2d, 0x7a, 0xf2, + 0x5a, 0x9a, 0xcb, 0xe5, 0x20, 0x89, 0x76, 0x1a, 0x8f, 0x8b, 0xb7, 0x3b, 0x75, 0xed, 0xf6, 0xaa, + 0x09, 0xc5, 0xd9, 0x4e, 0x5d, 0xf8, 0x8c, 0x05, 0x67, 0xf3, 0x48, 0xa0, 0xd3, 0x50, 0xde, 0x24, + 0x3b, 0x5c, 0x2b, 0xc3, 0xf4, 0x27, 0x7a, 0x1d, 0xaa, 0x5b, 0x8e, 0xdf, 0x25, 0x42, 0xbb, 0x99, + 0x3b, 0xda, 0x8b, 0xa8, 0x9e, 0x61, 0x4e, 0xf5, 0x47, 0x4a, 0x2f, 0x5b, 0xf6, 0xef, 0x95, 0x61, + 0xc4, 0xd8, 0xdf, 0x1e, 0x80, 0xc6, 0x16, 0xa6, 0x34, 0xb6, 0xc5, 0xc2, 0xb6, 0xe6, 0xbe, 0x2a, + 0xdb, 0xdd, 0x8c, 0xca, 0xb6, 0x54, 0x1c, 0xcb, 0xfb, 0xea, 0x6c, 0x28, 0x81, 0x7a, 0xd8, 0xa1, + 0x1a, 0x39, 0xdd, 0xfa, 0x2b, 0x45, 0x7c, 0xc2, 0x25, 0x49, 0xae, 0x71, 0x62, 0x6f, 0x77, 0xa2, + 0xae, 0xfe, 0x62, 0xcd, 0xc8, 0xfe, 0xb6, 0x05, 0x67, 0x8d, 0x3e, 0xce, 0x84, 0x41, 0xd3, 0x63, + 0x9f, 0xf6, 0x22, 0x54, 0x92, 0x9d, 0x8e, 0x54, 0xfb, 0xd5, 0x48, 0xad, 0xee, 0x74, 0x08, 0x66, + 0x10, 0xaa, 0xe8, 0xb7, 0x49, 0x1c, 0x3b, 0x2d, 0x92, 0x55, 0xf4, 0x17, 0x79, 0x33, 0x96, 0x70, + 0x14, 0x01, 0xf2, 0x9d, 0x38, 0x59, 0x8d, 0x9c, 0x20, 0x66, 0xe4, 0x57, 0xbd, 0x36, 0x11, 0x03, + 0xfc, 0xff, 0x0d, 0x36, 0x63, 0xe8, 0x13, 0x8d, 0xc7, 0xf6, 0x76, 0x27, 0xd0, 0x42, 0x0f, 0x25, + 0x9c, 0x43, 0xdd, 0xfe, 0xb2, 0x05, 0x8f, 0xe5, 0xeb, 0x62, 0xe8, 0x19, 0x18, 0xe2, 0x26, 0x9f, + 0x78, 0x3b, 0xfd, 0x49, 0x58, 0x2b, 0x16, 0x50, 0x34, 0x05, 0x75, 0xb5, 0x4f, 0x88, 0x77, 0x1c, + 0x13, 0xa8, 0x75, 0xbd, 0xb9, 0x68, 0x1c, 0x3a, 0x68, 0xf4, 0x8f, 0xd0, 0xdc, 0xd4, 0xa0, 0x31, + 0x23, 0x89, 0x41, 0xec, 0x7f, 0x67, 0xc1, 0x29, 0xa3, 0x57, 0x0f, 0x40, 0x35, 0x0f, 0xd2, 0xaa, + 0xf9, 0x7c, 0x61, 0xf3, 0xb9, 0x8f, 0x6e, 0xfe, 0x39, 0x0b, 0x2e, 0x18, 0x58, 0x8b, 0x4e, 0xe2, + 0x6e, 0x5c, 0xde, 0xee, 0x44, 0x24, 0xa6, 0xe6, 0x34, 0x7a, 0xd2, 0x90, 0x5b, 0x8d, 0x11, 0x41, + 0xa1, 0x7c, 0x9d, 0xec, 0x70, 0x21, 0xf6, 0x1c, 0xd4, 0xf8, 0xe4, 0x0c, 0x23, 0x31, 0xe2, 0xea, + 0xdd, 0x96, 0x44, 0x3b, 0x56, 0x18, 0xc8, 0x86, 0x21, 0x26, 0x9c, 0xe8, 0x62, 0xa5, 0xdb, 0x10, + 0xd0, 0x8f, 0x78, 0x8b, 0xb5, 0x60, 0x01, 0xb1, 0x97, 0x52, 0xdd, 0x59, 0x8e, 0x08, 0xfb, 0xb8, + 0xcd, 0x2b, 0x1e, 0xf1, 0x9b, 0x31, 0x35, 0x1b, 0x9c, 0x20, 0x08, 0x13, 0x61, 0x01, 0x18, 0x66, + 0xc3, 0xb4, 0x6e, 0xc6, 0x26, 0x8e, 0xbd, 0x57, 0x62, 0xc6, 0x87, 0x5a, 0xd6, 0xe4, 0x41, 0x58, + 0xae, 0x51, 0x4a, 0x0e, 0x2e, 0x17, 0x27, 0x94, 0x48, 0x7f, 0xeb, 0xf5, 0xad, 0x8c, 0x28, 0xc4, + 0x85, 0x72, 0xbd, 0xbf, 0x05, 0xfb, 0xdb, 0x25, 0x98, 0x48, 0x3f, 0xd0, 0x23, 0x49, 0xa9, 0xb9, + 0x64, 0x30, 0xca, 0x3a, 0x28, 0x0c, 0x7c, 0x6c, 0xe2, 0xf5, 0x11, 0x46, 0xa5, 0xe3, 0x14, 0x46, + 0xa6, 0xac, 0x2c, 0xef, 0x23, 0x2b, 0x9f, 0x51, 0xa3, 0x5e, 0xc9, 0x08, 0xa7, 0xf4, 0x7e, 0x71, + 0x11, 0x2a, 0x71, 0x42, 0x3a, 0xe3, 0xd5, 0xb4, 0xac, 0x59, 0x49, 0x48, 0x07, 0x33, 0x88, 0xfd, + 0x9f, 0x4b, 0xf0, 0x78, 0x7a, 0x0c, 0xb5, 0x78, 0x7f, 0x7f, 0x4a, 0xbc, 0xbf, 0xdb, 0x14, 0xef, + 0xf7, 0x76, 0x27, 0xde, 0xd9, 0xe7, 0xb1, 0xef, 0x19, 0xe9, 0x8f, 0xe6, 0x32, 0xa3, 0x38, 0x95, + 0x1e, 0xc5, 0x7b, 0xbb, 0x13, 0x4f, 0xf6, 0x79, 0xc7, 0xcc, 0x30, 0x3f, 0x03, 0x43, 0x11, 0x71, + 0xe2, 0x30, 0x10, 0x03, 0xad, 0x3e, 0x07, 0x66, 0xad, 0x58, 0x40, 0xed, 0x7f, 0x55, 0xcf, 0x0e, + 0xf6, 0x1c, 0x77, 0xb0, 0x85, 0x11, 0xf2, 0xa0, 0xc2, 0x54, 0x76, 0x2e, 0x1a, 0xae, 0x1f, 0x6d, + 0x19, 0x51, 0x11, 0xaf, 0x48, 0x37, 0x6a, 0xf4, 0xab, 0xd1, 0x26, 0xcc, 0x58, 0xa0, 0x6d, 0xa8, + 0xb9, 0x52, 0x93, 0x2e, 0x15, 0xe1, 0x73, 0x12, 0x7a, 0xb4, 0xe6, 0x38, 0x4a, 0x65, 0xb1, 0x52, + 0xbf, 0x15, 0x37, 0x44, 0xa0, 0xdc, 0xf2, 0x12, 0xf1, 0x59, 0x8f, 0x68, 0x2b, 0xcd, 0x79, 0xc6, + 0x2b, 0x0e, 0xd3, 0x0d, 0x62, 0xce, 0x4b, 0x30, 0xa5, 0x8f, 0x7e, 0xd6, 0x82, 0x91, 0xd8, 0x6d, + 0x2f, 0x47, 0xe1, 0x96, 0xd7, 0x24, 0x91, 0xd0, 0x94, 0x8e, 0x28, 0x9a, 0x56, 0x66, 0x16, 0x25, + 0x41, 0xcd, 0x97, 0xdb, 0xae, 0x1a, 0x82, 0x4d, 0xbe, 0xd4, 0x82, 0x78, 0x5c, 0xbc, 0xfb, 0x2c, + 0x71, 0x3d, 0xba, 0xb7, 0x49, 0x83, 0x89, 0xcd, 0x94, 0x23, 0x6b, 0x8e, 0xb3, 0x5d, 0x77, 0x93, + 0xae, 0x37, 0xdd, 0xa1, 0x77, 0xee, 0xed, 0x4e, 0x3c, 0x3e, 0x93, 0xcf, 0x13, 0xf7, 0xeb, 0x0c, + 0x1b, 0xb0, 0x4e, 0xd7, 0xf7, 0x31, 0x79, 0xb3, 0x4b, 0x98, 0x3b, 0xa4, 0x80, 0x01, 0x5b, 0xd6, + 0x04, 0x33, 0x03, 0x66, 0x40, 0xb0, 0xc9, 0x17, 0xbd, 0x09, 0x43, 0x6d, 0x27, 0x89, 0xbc, 0x6d, + 0xe1, 0x03, 0x39, 0xa2, 0x2e, 0xbf, 0xc8, 0x68, 0x69, 0xe6, 0x6c, 0xeb, 0xe7, 0x8d, 0x58, 0x30, + 0x42, 0x6d, 0xa8, 0xb6, 0x49, 0xd4, 0x22, 0xe3, 0xb5, 0x22, 0xfc, 0xbd, 0x8b, 0x94, 0x94, 0x66, + 0x58, 0xa7, 0x9a, 0x0f, 0x6b, 0xc3, 0x9c, 0x0b, 0x7a, 0x1d, 0x6a, 0x31, 0xf1, 0x89, 0x4b, 0x75, + 0x97, 0x3a, 0xe3, 0xf8, 0x9e, 0x01, 0xf5, 0x38, 0x67, 0x8d, 0xf8, 0x2b, 0xe2, 0x51, 0xbe, 0xc0, + 0xe4, 0x3f, 0xac, 0x48, 0xd2, 0x01, 0xec, 0xf8, 0xdd, 0x96, 0x17, 0x8c, 0x43, 0x11, 0x03, 0xb8, + 0xcc, 0x68, 0x65, 0x06, 0x90, 0x37, 0x62, 0xc1, 0xc8, 0xfe, 0x0f, 0x16, 0xa0, 0xb4, 0x50, 0x7b, + 0x00, 0x0a, 0xeb, 0x9b, 0x69, 0x85, 0x75, 0xa1, 0x48, 0xad, 0xa3, 0x8f, 0xce, 0xfa, 0x9b, 0x75, + 0xc8, 0x6c, 0x07, 0x37, 0x48, 0x9c, 0x90, 0xe6, 0xdb, 0x22, 0xfc, 0x6d, 0x11, 0xfe, 0xb6, 0x08, + 0x57, 0x22, 0x7c, 0x2d, 0x23, 0xc2, 0xdf, 0x67, 0xac, 0x7a, 0x7d, 0x60, 0xfa, 0x86, 0x3a, 0x51, + 0x35, 0x7b, 0x60, 0x20, 0x50, 0x49, 0x70, 0x6d, 0x65, 0xe9, 0x46, 0xae, 0xcc, 0x7e, 0x23, 0x2d, + 0xb3, 0x8f, 0xca, 0xe2, 0xff, 0x05, 0x29, 0xfd, 0x57, 0x4b, 0x70, 0x3e, 0x2d, 0xbd, 0x70, 0xe8, + 0xfb, 0x61, 0x37, 0xa1, 0xb6, 0x00, 0xfa, 0x25, 0x0b, 0x4e, 0xb7, 0xd3, 0x46, 0x78, 0x2c, 0x7c, + 0x9d, 0x1f, 0x28, 0x4c, 0xb4, 0x66, 0xac, 0xfc, 0xc6, 0xb8, 0x10, 0xb3, 0xa7, 0x33, 0x80, 0x18, + 0xf7, 0xf4, 0x05, 0xbd, 0x0e, 0xf5, 0xb6, 0xb3, 0x7d, 0xb3, 0xd3, 0x74, 0x12, 0x69, 0x86, 0xf5, + 0xb7, 0x9e, 0xbb, 0x89, 0xe7, 0x4f, 0xf2, 0x13, 0xec, 0xc9, 0xf9, 0x20, 0x59, 0x8a, 0x56, 0x92, + 0xc8, 0x0b, 0x5a, 0xdc, 0xc3, 0xb5, 0x28, 0xc9, 0x60, 0x4d, 0xd1, 0xfe, 0xaa, 0x95, 0x95, 0xed, + 0x6a, 0x74, 0x22, 0x27, 0x21, 0xad, 0x1d, 0xf4, 0x51, 0xa8, 0x52, 0x7b, 0x49, 0x8e, 0xca, 0xed, + 0x22, 0x37, 0x1c, 0xe3, 0x4b, 0xe8, 0xbd, 0x87, 0xfe, 0x8b, 0x31, 0x67, 0x6a, 0x7f, 0x79, 0x38, + 0xbb, 0xc7, 0xb2, 0xf3, 0xcc, 0x4b, 0x00, 0xad, 0x70, 0x95, 0xb4, 0x3b, 0x3e, 0x1d, 0x16, 0x8b, + 0x39, 0xc5, 0x95, 0x8b, 0x60, 0x4e, 0x41, 0xb0, 0x81, 0x85, 0xfe, 0xbc, 0x05, 0xd0, 0x92, 0x53, + 0x45, 0xee, 0x9f, 0x37, 0x8b, 0x7c, 0x1d, 0x3d, 0x11, 0x75, 0x5f, 0x14, 0x43, 0x6c, 0x30, 0x47, + 0x3f, 0x6d, 0x41, 0x2d, 0x91, 0xdd, 0xe7, 0x3b, 0xca, 0x6a, 0x91, 0x3d, 0x91, 0x2f, 0xad, 0x55, + 0x09, 0x35, 0x24, 0x8a, 0x2f, 0xfa, 0x39, 0x0b, 0x20, 0xde, 0x09, 0xdc, 0xe5, 0xd0, 0xf7, 0xdc, + 0x1d, 0xb1, 0xd1, 0xdc, 0x2a, 0xd4, 0x8d, 0xa1, 0xa8, 0x37, 0x4e, 0xd2, 0xd1, 0xd0, 0xff, 0xb1, + 0xc1, 0x19, 0x7d, 0x1c, 0x6a, 0xb1, 0x98, 0x6e, 0x62, 0x6b, 0x59, 0x2d, 0xd6, 0x99, 0xc2, 0x69, + 0x0b, 0xa9, 0x24, 0xfe, 0x61, 0xc5, 0x13, 0xfd, 0x82, 0x05, 0xa7, 0x3a, 0x69, 0xd7, 0x97, 0xd8, + 0x45, 0x8a, 0x93, 0x01, 0x19, 0xd7, 0x5a, 0xe3, 0xcc, 0xde, 0xee, 0xc4, 0xa9, 0x4c, 0x23, 0xce, + 0xf6, 0x02, 0xcd, 0xc0, 0x98, 0x9e, 0xc1, 0x4b, 0x1d, 0xee, 0x86, 0x1b, 0x66, 0x6e, 0x38, 0x76, + 0x8a, 0x39, 0x97, 0x05, 0xe2, 0x5e, 0x7c, 0xb4, 0x0c, 0x67, 0x69, 0xef, 0x76, 0xb8, 0xd6, 0x26, + 0xa5, 0x72, 0xcc, 0xf6, 0x90, 0x5a, 0xe3, 0x09, 0x31, 0x43, 0x98, 0xa3, 0x3b, 0x8b, 0x83, 0x73, + 0x9f, 0xb4, 0xbf, 0x55, 0x4a, 0xf9, 0xc5, 0x95, 0xc3, 0x8a, 0xad, 0x31, 0x57, 0xfa, 0x0a, 0xa4, + 0xc8, 0x28, 0x74, 0x8d, 0x29, 0x4f, 0x84, 0x5e, 0x63, 0xaa, 0x29, 0xc6, 0x06, 0x73, 0xaa, 0xc0, + 0x8c, 0x39, 0x59, 0xb7, 0x98, 0x58, 0xf6, 0xaf, 0x17, 0xd9, 0xa5, 0xde, 0x53, 0x8c, 0xf3, 0xa2, + 0x6b, 0x63, 0x3d, 0x20, 0xdc, 0xdb, 0x25, 0xfb, 0x5b, 0x69, 0x5f, 0xbc, 0x31, 0x63, 0x07, 0x38, + 0x67, 0xf8, 0xbc, 0x05, 0x23, 0x51, 0xe8, 0xfb, 0x5e, 0xd0, 0xa2, 0xab, 0x4b, 0x6c, 0x11, 0x1f, + 0x3a, 0x16, 0x29, 0x2d, 0x96, 0x11, 0x53, 0x83, 0xb0, 0xe6, 0x89, 0xcd, 0x0e, 0xd8, 0x7f, 0x62, + 0xc1, 0x78, 0x3f, 0x29, 0x80, 0x08, 0xbc, 0x53, 0x4e, 0x71, 0x75, 0xca, 0xbe, 0x14, 0xcc, 0x12, + 0x9f, 0x28, 0x27, 0x65, 0xad, 0xf1, 0xb4, 0x78, 0xcd, 0x77, 0x2e, 0xf7, 0x47, 0xc5, 0xf7, 0xa3, + 0x83, 0x5e, 0x83, 0xd3, 0xc6, 0x7b, 0xc5, 0x6a, 0x60, 0xea, 0x8d, 0x49, 0xba, 0xed, 0x4e, 0x67, + 0x60, 0xf7, 0x76, 0x27, 0x1e, 0xcb, 0xb6, 0x09, 0x31, 0xd5, 0x43, 0xc7, 0xfe, 0xd5, 0x52, 0xf6, + 0x6b, 0xa9, 0x1d, 0xe6, 0x2b, 0x56, 0x8f, 0xe9, 0xf7, 0x81, 0xe3, 0x90, 0xea, 0xcc, 0x48, 0x54, + 0x07, 0xf9, 0xfd, 0x71, 0x1e, 0xe2, 0x49, 0xa1, 0xfd, 0x2f, 0x2a, 0x70, 0x9f, 0x9e, 0xa9, 0xb3, + 0x20, 0xab, 0xdf, 0x59, 0xd0, 0xc1, 0x8f, 0x97, 0x3e, 0x6b, 0xc1, 0x90, 0x4f, 0xb5, 0x50, 0x7e, + 0xde, 0x31, 0x72, 0xa9, 0x79, 0x5c, 0x63, 0xcf, 0x95, 0xdd, 0x98, 0x9f, 0x56, 0x2b, 0x97, 0x27, + 0x6f, 0xc4, 0xa2, 0x0f, 0xe8, 0x6b, 0x56, 0xfa, 0xf0, 0x84, 0x87, 0x1f, 0x79, 0xc7, 0xd6, 0x27, + 0xe3, 0x44, 0x86, 0x77, 0x4c, 0xfb, 0xfa, 0xfb, 0x9c, 0xd5, 0xa0, 0x49, 0x80, 0x75, 0x2f, 0x70, + 0x7c, 0xef, 0x2d, 0x6a, 0x4d, 0x57, 0xd9, 0xb6, 0xc2, 0xf6, 0xe9, 0x2b, 0xaa, 0x15, 0x1b, 0x18, + 0x17, 0xfe, 0x1c, 0x8c, 0x18, 0x6f, 0x9e, 0x73, 0xc8, 0x7e, 0xd6, 0x3c, 0x64, 0xaf, 0x1b, 0x67, + 0xe3, 0x17, 0xde, 0x07, 0xa7, 0xb3, 0x1d, 0x3c, 0xc8, 0xf3, 0xf6, 0xff, 0x18, 0xce, 0x9e, 0x78, + 0xac, 0x92, 0xa8, 0x4d, 0xbb, 0xf6, 0xb6, 0x17, 0xe2, 0x6d, 0x2f, 0xc4, 0xdb, 0x5e, 0x08, 0xd3, + 0x91, 0x2c, 0x2c, 0xec, 0xe1, 0x07, 0x64, 0x61, 0xa7, 0x7c, 0x06, 0xb5, 0xc2, 0x7d, 0x06, 0xf6, + 0x5e, 0x15, 0x52, 0x7a, 0x14, 0x1f, 0xef, 0x77, 0xc1, 0x70, 0x44, 0x3a, 0xe1, 0x4d, 0xbc, 0x20, + 0xf6, 0x10, 0x1d, 0x48, 0xcd, 0x9b, 0xb1, 0x84, 0xd3, 0xbd, 0xa6, 0xe3, 0x24, 0x1b, 0x62, 0x13, + 0x51, 0x7b, 0xcd, 0xb2, 0x93, 0x6c, 0x60, 0x06, 0x41, 0xef, 0x83, 0x93, 0x89, 0x13, 0xb5, 0x48, + 0x82, 0xc9, 0x16, 0xfb, 0xac, 0xe2, 0x5c, 0xec, 0x31, 0x81, 0x7b, 0x72, 0x35, 0x05, 0xc5, 0x19, + 0x6c, 0xf4, 0x26, 0x54, 0x36, 0x88, 0xdf, 0x16, 0x43, 0xbe, 0x52, 0x9c, 0x8c, 0x67, 0xef, 0x7a, + 0x95, 0xf8, 0x6d, 0x2e, 0x81, 0xe8, 0x2f, 0xcc, 0x58, 0xd1, 0xf9, 0x56, 0xdf, 0xec, 0xc6, 0x49, + 0xd8, 0xf6, 0xde, 0x92, 0xee, 0xa0, 0x0f, 0x14, 0xcc, 0xf8, 0xba, 0xa4, 0xcf, 0x1d, 0x08, 0xea, + 0x2f, 0xd6, 0x9c, 0x59, 0x3f, 0x9a, 0x5e, 0xc4, 0x3e, 0xd5, 0x8e, 0xf0, 0xea, 0x14, 0xdd, 0x8f, + 0x59, 0x49, 0x9f, 0xf7, 0x43, 0xfd, 0xc5, 0x9a, 0x33, 0xda, 0x51, 0xf3, 0x7e, 0x84, 0xf5, 0xe1, + 0x66, 0xc1, 0x7d, 0xe0, 0x73, 0x3e, 0x77, 0xfe, 0x3f, 0x0d, 0x55, 0x77, 0xc3, 0x89, 0x92, 0xf1, + 0x51, 0x36, 0x69, 0x94, 0x23, 0x63, 0x86, 0x36, 0x62, 0x0e, 0x43, 0x4f, 0x42, 0x39, 0x22, 0xeb, + 0x2c, 0x7e, 0xcf, 0x88, 0xec, 0xc0, 0x64, 0x1d, 0xd3, 0x76, 0xfb, 0x97, 0x4b, 0x69, 0x75, 0x29, + 0xfd, 0xde, 0x7c, 0xb6, 0xbb, 0xdd, 0x28, 0x96, 0xce, 0x0e, 0x63, 0xb6, 0xb3, 0x66, 0x2c, 0xe1, + 0xe8, 0x93, 0x16, 0x0c, 0xdf, 0x89, 0xc3, 0x20, 0x20, 0x89, 0xd8, 0x9a, 0x6e, 0x15, 0x3c, 0x14, + 0xd7, 0x38, 0x75, 0xdd, 0x07, 0xd1, 0x80, 0x25, 0x5f, 0xda, 0x5d, 0xb2, 0xed, 0xfa, 0xdd, 0x66, + 0xcf, 0x81, 0xfe, 0x65, 0xde, 0x8c, 0x25, 0x9c, 0xa2, 0x7a, 0x01, 0x47, 0xad, 0xa4, 0x51, 0xe7, + 0x03, 0x81, 0x2a, 0xe0, 0xf6, 0x5f, 0x1e, 0x82, 0x73, 0xb9, 0x8b, 0x83, 0x2a, 0x32, 0x4c, 0x55, + 0xb8, 0xe2, 0xf9, 0x44, 0x86, 0xa9, 0x30, 0x45, 0xe6, 0x96, 0x6a, 0xc5, 0x06, 0x06, 0xfa, 0x29, + 0x80, 0x8e, 0x13, 0x39, 0x6d, 0x22, 0x36, 0xf0, 0xf2, 0xd1, 0xf5, 0x05, 0xda, 0x8f, 0x65, 0x49, + 0x53, 0xdb, 0xa6, 0xaa, 0x29, 0xc6, 0x06, 0x4b, 0xf4, 0x12, 0x8c, 0x44, 0xc4, 0x27, 0x4e, 0xcc, + 0xc2, 0x3f, 0xb3, 0xb1, 0xec, 0x58, 0x83, 0xb0, 0x89, 0x87, 0x9e, 0x51, 0x11, 0x3d, 0x99, 0xe8, + 0x87, 0x74, 0x54, 0x0f, 0xfa, 0x82, 0x05, 0x27, 0xd7, 0x3d, 0x9f, 0x68, 0xee, 0x22, 0xf2, 0x7c, + 0xe9, 0xe8, 0x2f, 0x79, 0xc5, 0xa4, 0xab, 0x25, 0x64, 0xaa, 0x39, 0xc6, 0x19, 0xf6, 0xf4, 0x33, + 0x6f, 0x91, 0x88, 0x89, 0xd6, 0xa1, 0xf4, 0x67, 0xbe, 0xc5, 0x9b, 0xb1, 0x84, 0xa3, 0x69, 0x38, + 0xd5, 0x71, 0xe2, 0x78, 0x26, 0x22, 0x4d, 0x12, 0x24, 0x9e, 0xe3, 0xf3, 0xb8, 0xf0, 0x9a, 0x8e, + 0x0b, 0x5d, 0x4e, 0x83, 0x71, 0x16, 0x1f, 0x7d, 0x10, 0x1e, 0xf7, 0x5a, 0x41, 0x18, 0x91, 0x45, + 0x2f, 0x8e, 0xbd, 0xa0, 0xa5, 0xa7, 0x81, 0x70, 0x7a, 0x4c, 0x08, 0x52, 0x8f, 0xcf, 0xe7, 0xa3, + 0xe1, 0x7e, 0xcf, 0xa3, 0xe7, 0xa0, 0x16, 0x6f, 0x7a, 0x9d, 0x99, 0xa8, 0x19, 0x33, 0x07, 0x79, + 0x4d, 0xbb, 0xd8, 0x56, 0x44, 0x3b, 0x56, 0x18, 0xc8, 0x85, 0x51, 0xfe, 0x49, 0x78, 0xd8, 0x92, + 0x90, 0x8f, 0xcf, 0xf7, 0xdd, 0x1e, 0x45, 0xea, 0xd2, 0x24, 0x76, 0xee, 0x5e, 0x96, 0xee, 0xfa, + 0xc6, 0xe9, 0xbd, 0xdd, 0x89, 0xd1, 0x5b, 0x06, 0x19, 0x9c, 0x22, 0x6a, 0xff, 0x62, 0x29, 0x6d, + 0x71, 0x9b, 0x8b, 0x14, 0xc5, 0x74, 0x29, 0x26, 0xb7, 0x9c, 0x48, 0x7a, 0x63, 0x8e, 0x18, 0xbe, + 0x2e, 0xe8, 0xde, 0x72, 0x22, 0x73, 0x51, 0x33, 0x06, 0x58, 0x72, 0x42, 0x77, 0xa0, 0x92, 0xf8, + 0x4e, 0x41, 0xf9, 0x2e, 0x06, 0x47, 0xed, 0x00, 0x59, 0x98, 0x8e, 0x31, 0xe3, 0x81, 0x9e, 0xa0, + 0x5a, 0xff, 0x9a, 0x8c, 0x71, 0x13, 0x8a, 0xfa, 0x5a, 0x8c, 0x59, 0xab, 0xfd, 0x7f, 0x6a, 0x39, + 0x72, 0x55, 0x6d, 0x64, 0xe8, 0x12, 0x00, 0x35, 0x20, 0x97, 0x23, 0xb2, 0xee, 0x6d, 0x0b, 0x45, + 0x42, 0xad, 0xdd, 0x1b, 0x0a, 0x82, 0x0d, 0x2c, 0xf9, 0xcc, 0x4a, 0x77, 0x9d, 0x3e, 0x53, 0xea, + 0x7d, 0x86, 0x43, 0xb0, 0x81, 0x85, 0x5e, 0x84, 0x21, 0xaf, 0xed, 0xb4, 0x54, 0x28, 0xde, 0x13, + 0x74, 0xd1, 0xce, 0xb3, 0x96, 0x7b, 0xbb, 0x13, 0x27, 0x55, 0x87, 0x58, 0x13, 0x16, 0xb8, 0xe8, + 0x57, 0x2d, 0x18, 0x75, 0xc3, 0x76, 0x3b, 0x0c, 0xb8, 0xd9, 0x25, 0x6c, 0xc8, 0x3b, 0xc7, 0xb5, + 0xcd, 0x4f, 0xce, 0x18, 0xcc, 0xb8, 0x11, 0xa9, 0x12, 0x73, 0x4c, 0x10, 0x4e, 0xf5, 0xca, 0x5c, + 0xdb, 0xd5, 0x7d, 0xd6, 0xf6, 0x6f, 0x58, 0x30, 0xc6, 0x9f, 0x35, 0xac, 0x41, 0x91, 0x83, 0x12, + 0x1e, 0xf3, 0x6b, 0xf5, 0x18, 0xc8, 0xca, 0x4b, 0xd7, 0x03, 0xc7, 0xbd, 0x9d, 0x44, 0x73, 0x30, + 0xb6, 0x1e, 0x46, 0x2e, 0x31, 0x07, 0x42, 0x08, 0x26, 0x45, 0xe8, 0x4a, 0x16, 0x01, 0xf7, 0x3e, + 0x83, 0x6e, 0xc1, 0x63, 0x46, 0xa3, 0x39, 0x0e, 0x5c, 0x36, 0x3d, 0x25, 0xa8, 0x3d, 0x76, 0x25, + 0x17, 0x0b, 0xf7, 0x79, 0x3a, 0xed, 0x30, 0xa9, 0x0f, 0xe0, 0x30, 0x79, 0x03, 0xce, 0xbb, 0xbd, + 0x23, 0xb3, 0x15, 0x77, 0xd7, 0x62, 0x2e, 0xa9, 0x6a, 0x8d, 0x1f, 0x10, 0x04, 0xce, 0xcf, 0xf4, + 0x43, 0xc4, 0xfd, 0x69, 0xa0, 0x8f, 0x42, 0x2d, 0x22, 0xec, 0xab, 0xc4, 0x22, 0x21, 0xe3, 0x88, + 0x56, 0xb2, 0xd6, 0x40, 0x39, 0x59, 0x2d, 0x7b, 0x45, 0x43, 0x8c, 0x15, 0xc7, 0x0b, 0xef, 0x87, + 0xb1, 0x9e, 0xf9, 0x7c, 0x20, 0x9f, 0xc5, 0x2c, 0x3c, 0x96, 0x3f, 0x73, 0x0e, 0xe4, 0xb9, 0xf8, + 0x07, 0x99, 0x38, 0x43, 0x43, 0x9b, 0x1c, 0xc0, 0x0b, 0xe6, 0x40, 0x99, 0x04, 0x5b, 0x42, 0x90, + 0x5e, 0x39, 0xda, 0xe8, 0x5d, 0x0e, 0xb6, 0xf8, 0xc4, 0x67, 0xa6, 0xfe, 0xe5, 0x60, 0x0b, 0x53, + 0xda, 0xe8, 0x4b, 0x56, 0x4a, 0x1b, 0xe2, 0xbe, 0xb3, 0x0f, 0x1f, 0x8b, 0xfa, 0x3c, 0xb0, 0x82, + 0x64, 0xff, 0xcb, 0x12, 0x5c, 0xdc, 0x8f, 0xc8, 0x00, 0xc3, 0xf7, 0x34, 0x0c, 0xc5, 0xec, 0x08, + 0x54, 0x48, 0xa6, 0x11, 0x2a, 0x95, 0xf8, 0xa1, 0xe8, 0x1b, 0x58, 0x80, 0x90, 0x0f, 0xe5, 0xb6, + 0xd3, 0x11, 0x2e, 0x95, 0xf9, 0xa3, 0x66, 0x15, 0xd0, 0xff, 0x8e, 0xbf, 0xe8, 0x74, 0xb8, 0xa1, + 0x6e, 0x34, 0x60, 0xca, 0x06, 0x25, 0x50, 0x75, 0xa2, 0xc8, 0x91, 0xe7, 0x6d, 0xd7, 0x8b, 0xe1, + 0x37, 0x4d, 0x49, 0x36, 0xc6, 0xf6, 0x76, 0x27, 0x4e, 0xa4, 0x9a, 0x30, 0x67, 0x66, 0x7f, 0x76, + 0x38, 0x15, 0x59, 0xcf, 0x0e, 0x51, 0x63, 0x18, 0x12, 0x9e, 0x14, 0xab, 0xe8, 0x64, 0x0e, 0x9e, + 0x1a, 0xc5, 0x8c, 0x25, 0x91, 0x60, 0x2a, 0x58, 0xa1, 0xcf, 0x58, 0x2c, 0x8d, 0x53, 0x66, 0x1b, + 0x08, 0x13, 0xe5, 0x78, 0xb2, 0x4a, 0xcd, 0xe4, 0x50, 0xd9, 0x88, 0x4d, 0xee, 0x74, 0xeb, 0xea, + 0xf0, 0x84, 0xa4, 0xac, 0xa1, 0x22, 0x13, 0x3d, 0x25, 0x1c, 0x6d, 0xe7, 0x1c, 0x96, 0x16, 0x90, + 0x0a, 0x38, 0xc0, 0xf1, 0xe8, 0xd7, 0x2c, 0x18, 0xe3, 0xea, 0xe8, 0xac, 0xb7, 0xbe, 0x4e, 0x22, + 0x12, 0xb8, 0x44, 0x2a, 0xf4, 0x47, 0x3c, 0x8e, 0x97, 0xee, 0xab, 0xf9, 0x2c, 0x79, 0xbd, 0xa7, + 0xf5, 0x80, 0x70, 0x6f, 0x67, 0x50, 0x13, 0x2a, 0x5e, 0xb0, 0x1e, 0x8a, 0x9d, 0xbc, 0x71, 0xb4, + 0x4e, 0xcd, 0x07, 0xeb, 0xa1, 0x5e, 0xcd, 0xf4, 0x1f, 0x66, 0xd4, 0xd1, 0x02, 0x9c, 0x8d, 0x84, + 0xcb, 0xe5, 0xaa, 0x17, 0x53, 0xc3, 0x78, 0xc1, 0x6b, 0x7b, 0x09, 0xdb, 0x85, 0xcb, 0x8d, 0xf1, + 0xbd, 0xdd, 0x89, 0xb3, 0x38, 0x07, 0x8e, 0x73, 0x9f, 0x42, 0x6f, 0xc1, 0xb0, 0xcc, 0x3b, 0xad, + 0x15, 0x61, 0x1c, 0xf5, 0xce, 0x7f, 0x35, 0x99, 0x56, 0x44, 0x8a, 0xa9, 0x64, 0x68, 0x7f, 0x61, + 0x04, 0x7a, 0xcf, 0x06, 0xd1, 0xc7, 0xa0, 0x1e, 0xa9, 0x5c, 0x58, 0xab, 0x88, 0xf8, 0x3e, 0xf9, + 0x7d, 0xc5, 0xb9, 0xa4, 0xd2, 0x07, 0x74, 0xd6, 0xab, 0xe6, 0x48, 0xb5, 0xf6, 0x58, 0x1f, 0x21, + 0x16, 0x30, 0xb7, 0x05, 0x57, 0x7d, 0x3c, 0xb4, 0x13, 0xb8, 0x98, 0xf1, 0x40, 0x11, 0x0c, 0x6d, + 0x10, 0xc7, 0x4f, 0x36, 0x8a, 0xf1, 0x64, 0x5f, 0x65, 0xb4, 0xb2, 0x59, 0x13, 0xbc, 0x15, 0x0b, + 0x4e, 0x68, 0x1b, 0x86, 0x37, 0xf8, 0x04, 0x10, 0x8a, 0xf4, 0xe2, 0x51, 0x07, 0x37, 0x35, 0xab, + 0xf4, 0xe7, 0x16, 0x0d, 0x58, 0xb2, 0x63, 0x91, 0x16, 0xc6, 0xb1, 0x38, 0x5f, 0xba, 0xc5, 0x25, + 0x8c, 0x0c, 0x7e, 0x26, 0xfe, 0x11, 0x18, 0x8d, 0x88, 0x1b, 0x06, 0xae, 0xe7, 0x93, 0xe6, 0xb4, + 0xf4, 0x52, 0x1f, 0x24, 0xcd, 0x80, 0x19, 0xa3, 0xd8, 0xa0, 0x81, 0x53, 0x14, 0xd1, 0xa7, 0x2d, + 0x38, 0xa9, 0x12, 0xe8, 0xe8, 0x07, 0x21, 0xc2, 0x2b, 0xba, 0x50, 0x50, 0xba, 0x1e, 0xa3, 0xd9, + 0x40, 0x7b, 0xbb, 0x13, 0x27, 0xd3, 0x6d, 0x38, 0xc3, 0x17, 0xbd, 0x06, 0x10, 0xae, 0xf1, 0x70, + 0x8a, 0xe9, 0x44, 0xb8, 0x48, 0x0f, 0xf2, 0xaa, 0x27, 0x79, 0xbe, 0x91, 0xa4, 0x80, 0x0d, 0x6a, + 0xe8, 0x3a, 0x00, 0x5f, 0x36, 0xab, 0x3b, 0x1d, 0xa9, 0x6d, 0xcb, 0x3c, 0x11, 0x58, 0x51, 0x90, + 0x7b, 0xbb, 0x13, 0xbd, 0x2e, 0x2b, 0x76, 0x7a, 0x6f, 0x3c, 0x8e, 0x7e, 0x12, 0x86, 0xe3, 0x6e, + 0xbb, 0xed, 0x28, 0x07, 0x6a, 0x81, 0x19, 0x4c, 0x9c, 0xae, 0x21, 0x8a, 0x78, 0x03, 0x96, 0x1c, + 0xd1, 0x1d, 0x2a, 0x54, 0x63, 0xe1, 0x4b, 0x63, 0xab, 0x88, 0xeb, 0x04, 0x23, 0xec, 0x9d, 0xde, + 0x2b, 0xa3, 0x43, 0x70, 0x0e, 0xce, 0xbd, 0xdd, 0x89, 0xc7, 0xd2, 0xed, 0x0b, 0xa1, 0xc8, 0x29, + 0xca, 0xa5, 0x89, 0xae, 0xc9, 0x32, 0x14, 0xf4, 0xb5, 0x65, 0x76, 0xf4, 0xb3, 0xba, 0x0c, 0x05, + 0x6b, 0xee, 0x3f, 0x66, 0xe6, 0xc3, 0x68, 0x11, 0xce, 0xb8, 0x61, 0x90, 0x44, 0xa1, 0xef, 0xf3, + 0xda, 0x2a, 0xdc, 0xf0, 0xe1, 0x0e, 0xd6, 0x77, 0x8a, 0x6e, 0x9f, 0x99, 0xe9, 0x45, 0xc1, 0x79, + 0xcf, 0xd9, 0x41, 0x3a, 0xce, 0x4c, 0x0c, 0xce, 0x8b, 0x30, 0x4a, 0xb6, 0x13, 0x12, 0x05, 0x8e, + 0x7f, 0x13, 0x2f, 0x48, 0xd7, 0x22, 0x5b, 0x03, 0x97, 0x8d, 0x76, 0x9c, 0xc2, 0x42, 0xb6, 0xb2, + 0xf6, 0x4b, 0x3a, 0xf1, 0x8e, 0x5b, 0xfb, 0xd2, 0xb6, 0xb7, 0xff, 0x67, 0x29, 0xa5, 0x90, 0xad, + 0x46, 0x84, 0xa0, 0x10, 0xaa, 0x41, 0xd8, 0x54, 0xb2, 0xff, 0x5a, 0x31, 0xb2, 0xff, 0x46, 0xd8, + 0x34, 0x6a, 0x55, 0xd0, 0x7f, 0x31, 0xe6, 0x7c, 0x58, 0x32, 0xbf, 0xac, 0x7a, 0xc0, 0x00, 0xc2, + 0xd0, 0x28, 0x92, 0xb3, 0x4a, 0xe6, 0x5f, 0x32, 0x19, 0xe1, 0x34, 0x5f, 0xb4, 0x09, 0xd5, 0x8d, + 0x30, 0x4e, 0xa4, 0xf9, 0x71, 0x44, 0x4b, 0xe7, 0x6a, 0x18, 0x27, 0x4c, 0x8b, 0x50, 0xaf, 0x4d, + 0x5b, 0x62, 0xcc, 0x79, 0xd8, 0xff, 0xd1, 0x4a, 0x39, 0x92, 0x6f, 0xb3, 0x98, 0xcb, 0x2d, 0x12, + 0xd0, 0x65, 0x6d, 0xc6, 0xdb, 0xfc, 0xff, 0x99, 0xc4, 0xaf, 0x1f, 0xea, 0x57, 0x39, 0xe8, 0x2e, + 0xa5, 0x30, 0xc9, 0x48, 0x18, 0xa1, 0x39, 0x9f, 0xb0, 0xd2, 0x29, 0x78, 0xa5, 0x22, 0x0c, 0x0c, + 0x33, 0xc5, 0x74, 0xdf, 0x6c, 0x3e, 0xfb, 0x4b, 0x16, 0x0c, 0x37, 0x1c, 0x77, 0x33, 0x5c, 0x5f, + 0x47, 0xcf, 0x41, 0xad, 0xd9, 0x8d, 0xcc, 0x6c, 0x40, 0x65, 0x3d, 0xcf, 0x8a, 0x76, 0xac, 0x30, + 0xe8, 0x1c, 0x5e, 0x77, 0x5c, 0x99, 0x68, 0x5a, 0xe6, 0x73, 0xf8, 0x0a, 0x6b, 0xc1, 0x02, 0x82, + 0x5e, 0x82, 0x91, 0xb6, 0xb3, 0x2d, 0x1f, 0xce, 0x7a, 0xb1, 0x17, 0x35, 0x08, 0x9b, 0x78, 0xf6, + 0x3f, 0xb3, 0x60, 0xbc, 0xe1, 0xc4, 0x9e, 0x3b, 0xdd, 0x4d, 0x36, 0x1a, 0x5e, 0xb2, 0xd6, 0x75, + 0x37, 0x49, 0xc2, 0xb3, 0x8b, 0x69, 0x2f, 0xbb, 0x31, 0x5d, 0x4a, 0xca, 0xae, 0x53, 0xbd, 0xbc, + 0x29, 0xda, 0xb1, 0xc2, 0x40, 0x6f, 0xc1, 0x48, 0xc7, 0x89, 0xe3, 0xbb, 0x61, 0xd4, 0xc4, 0x64, + 0xbd, 0x98, 0xdc, 0xfe, 0x15, 0xe2, 0x46, 0x24, 0xc1, 0x64, 0x5d, 0x9c, 0xb4, 0x6a, 0xfa, 0xd8, + 0x64, 0x66, 0x7f, 0xde, 0x82, 0xf3, 0x0d, 0xe2, 0x44, 0x24, 0x62, 0xa5, 0x00, 0xd4, 0x8b, 0xcc, + 0xf8, 0x61, 0xb7, 0x89, 0xde, 0x84, 0x5a, 0x42, 0x9b, 0x69, 0xb7, 0xac, 0x62, 0xbb, 0xc5, 0x0e, + 0x4a, 0x57, 0x05, 0x71, 0xac, 0xd8, 0xd8, 0x7f, 0xc5, 0x82, 0x51, 0x76, 0xe6, 0x34, 0x4b, 0x12, + 0xc7, 0xf3, 0x7b, 0x2a, 0xe6, 0x58, 0x03, 0x56, 0xcc, 0xb9, 0x08, 0x95, 0x8d, 0xb0, 0x4d, 0xb2, + 0xe7, 0xa5, 0x57, 0x43, 0x6a, 0x56, 0x53, 0x08, 0x7a, 0x81, 0x7e, 0x78, 0x2f, 0x48, 0x1c, 0xba, + 0x04, 0xa4, 0x4f, 0xf3, 0x14, 0xff, 0xe8, 0xaa, 0x19, 0x9b, 0x38, 0xf6, 0x6f, 0xd7, 0x61, 0x58, + 0x1c, 0xaa, 0x0f, 0x9c, 0x61, 0x2e, 0xed, 0xfb, 0x52, 0x5f, 0xfb, 0x3e, 0x86, 0x21, 0x97, 0xd5, + 0xe3, 0x12, 0x6a, 0xe4, 0xf5, 0x42, 0xa2, 0x30, 0x78, 0x89, 0x2f, 0xdd, 0x2d, 0xfe, 0x1f, 0x0b, + 0x56, 0xe8, 0x8b, 0x16, 0x9c, 0x72, 0xc3, 0x20, 0x20, 0xae, 0xd6, 0x71, 0x2a, 0x45, 0x1c, 0xb6, + 0xcf, 0xa4, 0x89, 0xea, 0x03, 0x8f, 0x0c, 0x00, 0x67, 0xd9, 0xa3, 0x57, 0xe0, 0x04, 0x1f, 0xb3, + 0x5b, 0x29, 0x47, 0xac, 0x2e, 0xa4, 0x62, 0x02, 0x71, 0x1a, 0x17, 0x4d, 0x72, 0x87, 0xb6, 0x28, + 0x59, 0x32, 0xa4, 0x4f, 0xcf, 0x8c, 0x62, 0x25, 0x06, 0x06, 0x8a, 0x00, 0x45, 0x64, 0x3d, 0x22, + 0xf1, 0x86, 0x08, 0x3a, 0x60, 0xfa, 0xd5, 0xf0, 0xe1, 0x32, 0x56, 0x71, 0x0f, 0x25, 0x9c, 0x43, + 0x1d, 0x6d, 0x0a, 0x03, 0xb3, 0x56, 0x84, 0x0c, 0x15, 0x9f, 0xb9, 0xaf, 0x9d, 0x39, 0x01, 0xd5, + 0x78, 0xc3, 0x89, 0x9a, 0x4c, 0xaf, 0x2b, 0xf3, 0x2c, 0x89, 0x15, 0xda, 0x80, 0x79, 0x3b, 0x9a, + 0x85, 0xd3, 0x99, 0x32, 0x30, 0xb1, 0x70, 0x98, 0xaa, 0xd0, 0xfe, 0x4c, 0x01, 0x99, 0x18, 0xf7, + 0x3c, 0x61, 0x3a, 0x1f, 0x46, 0xf6, 0x71, 0x3e, 0xec, 0xa8, 0xd0, 0xb6, 0x51, 0xb6, 0x3f, 0xbe, + 0x5a, 0xc8, 0x00, 0x0c, 0x14, 0xc7, 0xf6, 0xb9, 0x4c, 0x1c, 0xdb, 0x09, 0xd6, 0x81, 0x5b, 0xc5, + 0x74, 0xe0, 0xe0, 0x41, 0x6b, 0x0f, 0x33, 0x08, 0xed, 0xbf, 0x5b, 0x20, 0xbf, 0xeb, 0x8c, 0xe3, + 0x6e, 0x10, 0x3a, 0x65, 0xd0, 0xfb, 0xe0, 0xa4, 0x32, 0xa1, 0x67, 0xc2, 0x6e, 0xc0, 0xe3, 0xcf, + 0xca, 0xfa, 0x64, 0x14, 0xa7, 0xa0, 0x38, 0x83, 0x8d, 0xa6, 0xa0, 0x4e, 0xc7, 0x89, 0x3f, 0xca, + 0xf7, 0x5a, 0x65, 0xa6, 0x4f, 0x2f, 0xcf, 0x8b, 0xa7, 0x34, 0x0e, 0x0a, 0x61, 0xcc, 0x77, 0xe2, + 0x84, 0xf5, 0x80, 0x5a, 0xd4, 0x87, 0xcc, 0x17, 0x67, 0xf1, 0xe3, 0x0b, 0x59, 0x42, 0xb8, 0x97, + 0xb6, 0xfd, 0xed, 0x0a, 0x9c, 0x48, 0x49, 0xc6, 0x03, 0x6e, 0xd2, 0xcf, 0x41, 0x4d, 0xee, 0x9b, + 0xd9, 0xaa, 0x15, 0x6a, 0x73, 0x55, 0x18, 0x74, 0xd3, 0x5a, 0xd3, 0xbb, 0x6a, 0x56, 0xa9, 0x30, + 0x36, 0x5c, 0x6c, 0xe2, 0x31, 0xa1, 0x9c, 0xf8, 0xf1, 0x8c, 0xef, 0x91, 0x20, 0xe1, 0xdd, 0x2c, + 0x46, 0x28, 0xaf, 0x2e, 0xac, 0x98, 0x44, 0xb5, 0x50, 0xce, 0x00, 0x70, 0x96, 0x3d, 0xfa, 0x19, + 0x0b, 0x4e, 0x38, 0x77, 0x63, 0x5d, 0x34, 0x52, 0x44, 0xac, 0x1d, 0x71, 0x93, 0x4a, 0xd5, 0xa1, + 0xe4, 0x2e, 0xdf, 0x54, 0x13, 0x4e, 0x33, 0x45, 0x5f, 0xb1, 0x00, 0x91, 0x6d, 0xe2, 0xca, 0x98, + 0x3a, 0xd1, 0x97, 0xa1, 0x22, 0x2c, 0xcd, 0xcb, 0x3d, 0x74, 0xb9, 0x54, 0xef, 0x6d, 0xc7, 0x39, + 0x7d, 0xb0, 0xff, 0x71, 0x59, 0x2d, 0x28, 0x1d, 0xc6, 0xe9, 0x18, 0xe1, 0x64, 0xd6, 0xe1, 0xc3, + 0xc9, 0xf4, 0xb1, 0x7c, 0x6f, 0x1a, 0x5a, 0x2a, 0xfd, 0xa6, 0xf4, 0x90, 0xd2, 0x6f, 0x7e, 0xda, + 0x4a, 0xd5, 0x67, 0x19, 0xb9, 0xf4, 0x5a, 0xb1, 0x21, 0xa4, 0x93, 0x3c, 0x64, 0x20, 0x23, 0xdd, + 0xd3, 0x91, 0x22, 0x54, 0x9a, 0x1a, 0x68, 0x07, 0x92, 0x86, 0xff, 0xa6, 0x0c, 0x23, 0xc6, 0x4e, + 0x9a, 0xab, 0x16, 0x59, 0x8f, 0x98, 0x5a, 0x54, 0x3a, 0x80, 0x5a, 0xf4, 0x53, 0x50, 0x77, 0xa5, + 0x94, 0x2f, 0xa6, 0x42, 0x69, 0x76, 0xef, 0xd0, 0x82, 0x5e, 0x35, 0x61, 0xcd, 0x13, 0xcd, 0xa5, + 0xf2, 0x57, 0xc4, 0x0e, 0x51, 0x61, 0x3b, 0x44, 0x5e, 0x82, 0x89, 0xd8, 0x29, 0x7a, 0x9f, 0x61, + 0x65, 0x7c, 0x3a, 0x9e, 0x78, 0x2f, 0x19, 0xe8, 0xcd, 0xcb, 0xf8, 0x2c, 0xcf, 0xcb, 0x66, 0x6c, + 0xe2, 0xd8, 0xdf, 0xb6, 0xd4, 0xc7, 0x7d, 0x00, 0x49, 0xed, 0x77, 0xd2, 0x49, 0xed, 0x97, 0x0b, + 0x19, 0xe6, 0x3e, 0xd9, 0xec, 0x37, 0x60, 0x78, 0x26, 0x6c, 0xb7, 0x9d, 0xa0, 0x89, 0x7e, 0x10, + 0x86, 0x5d, 0xfe, 0x53, 0x38, 0x76, 0xd8, 0xf1, 0xa0, 0x80, 0x62, 0x09, 0x43, 0x4f, 0x40, 0xc5, + 0x89, 0x5a, 0xd2, 0x99, 0xc3, 0x22, 0x4c, 0xa6, 0xa3, 0x56, 0x8c, 0x59, 0xab, 0xfd, 0xf7, 0x2b, + 0x00, 0x33, 0x61, 0xbb, 0xe3, 0x44, 0xa4, 0xb9, 0x1a, 0xb2, 0x0a, 0x69, 0xc7, 0x7a, 0xa8, 0xa6, + 0x8d, 0xa5, 0x47, 0xf9, 0x60, 0xcd, 0x38, 0x5c, 0x29, 0x3f, 0xe0, 0xc3, 0x95, 0x3e, 0xe7, 0x65, + 0x95, 0x47, 0xe8, 0xbc, 0xcc, 0xfe, 0xac, 0x05, 0x88, 0x4e, 0x9a, 0x30, 0x20, 0x41, 0xa2, 0x0f, + 0xb4, 0xa7, 0xa0, 0xee, 0xca, 0x56, 0xa1, 0x58, 0x69, 0x11, 0x21, 0x01, 0x58, 0xe3, 0x0c, 0x60, + 0x21, 0x3f, 0x2d, 0xe5, 0x77, 0x39, 0x1d, 0x9c, 0xca, 0xa4, 0xbe, 0x10, 0xe7, 0xf6, 0xef, 0x94, + 0xe0, 0x31, 0xbe, 0x25, 0x2f, 0x3a, 0x81, 0xd3, 0x22, 0x6d, 0xda, 0xab, 0x41, 0x43, 0x14, 0x5c, + 0x6a, 0x9a, 0x79, 0x32, 0xd8, 0xf4, 0xa8, 0x6b, 0x97, 0xaf, 0x39, 0xbe, 0xca, 0xe6, 0x03, 0x2f, + 0xc1, 0x8c, 0x38, 0x8a, 0xa1, 0x26, 0x4b, 0x72, 0x0b, 0x59, 0x5c, 0x10, 0x23, 0x25, 0x96, 0xc4, + 0xbe, 0x49, 0xb0, 0x62, 0x44, 0x15, 0x57, 0x3f, 0x74, 0x37, 0x31, 0xe9, 0x84, 0x4c, 0xee, 0x1a, + 0xb1, 0x7e, 0x0b, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, 0x77, 0x2c, 0xc8, 0xee, 0x48, 0x46, 0xb9, 0x2a, + 0xeb, 0xbe, 0xe5, 0xaa, 0x0e, 0x50, 0x2f, 0xea, 0x27, 0x60, 0xc4, 0x49, 0xa8, 0x12, 0xc1, 0xcd, + 0xee, 0xf2, 0xe1, 0x8e, 0x35, 0x16, 0xc3, 0xa6, 0xb7, 0xee, 0x31, 0x73, 0xdb, 0x24, 0x67, 0xff, + 0xd7, 0x0a, 0x8c, 0xf5, 0xa4, 0x44, 0xa0, 0x97, 0x61, 0xd4, 0x15, 0xd3, 0xa3, 0x23, 0x1d, 0x5a, + 0x75, 0x33, 0x36, 0x4c, 0xc3, 0x70, 0x0a, 0x73, 0x80, 0x09, 0x3a, 0x0f, 0x67, 0x22, 0x6a, 0xe8, + 0x77, 0xc9, 0xf4, 0x7a, 0x42, 0xa2, 0x15, 0xe2, 0x86, 0x41, 0x93, 0x17, 0x55, 0x2b, 0x37, 0x1e, + 0xdf, 0xdb, 0x9d, 0x38, 0x83, 0x7b, 0xc1, 0x38, 0xef, 0x19, 0xd4, 0x81, 0x13, 0xbe, 0xa9, 0x03, + 0x0a, 0x03, 0xe0, 0x50, 0xea, 0xa3, 0xd2, 0x11, 0x52, 0xcd, 0x38, 0xcd, 0x20, 0xad, 0x48, 0x56, + 0x1f, 0x92, 0x22, 0xf9, 0x29, 0xad, 0x48, 0xf2, 0xf3, 0xf7, 0x0f, 0x15, 0x9c, 0x12, 0x73, 0xdc, + 0x9a, 0xe4, 0xab, 0x50, 0x93, 0xb1, 0x49, 0x03, 0xc5, 0xf4, 0x98, 0x74, 0xfa, 0x48, 0xb4, 0x7b, + 0x25, 0xc8, 0x31, 0x42, 0xe8, 0x3a, 0xd3, 0x3b, 0x7e, 0x6a, 0x9d, 0x1d, 0x6c, 0xd7, 0x47, 0xdb, + 0x3c, 0x2e, 0x8b, 0xef, 0x6d, 0x1f, 0x2c, 0xda, 0x88, 0xd2, 0xa1, 0x5a, 0x2a, 0x53, 0x40, 0x85, + 0x6b, 0x5d, 0x02, 0xd0, 0x8a, 0x9a, 0x88, 0x03, 0x57, 0xc7, 0xbe, 0x5a, 0x9f, 0xc3, 0x06, 0x16, + 0xb5, 0xa9, 0xbd, 0x20, 0x4e, 0x1c, 0xdf, 0xbf, 0xea, 0x05, 0x89, 0x70, 0x0e, 0xaa, 0x4d, 0x7c, + 0x5e, 0x83, 0xb0, 0x89, 0x77, 0xe1, 0xbd, 0xc6, 0x77, 0x39, 0xc8, 0xf7, 0xdc, 0x80, 0xf3, 0x73, + 0x5e, 0xa2, 0xb2, 0x17, 0xd4, 0x3c, 0xa2, 0x7a, 0x98, 0xca, 0xc6, 0xb1, 0xfa, 0x66, 0xe3, 0x18, + 0xd9, 0x03, 0xa5, 0x74, 0xb2, 0x43, 0x36, 0x7b, 0xc0, 0x7e, 0x19, 0xce, 0xce, 0x79, 0xc9, 0x15, + 0xcf, 0x27, 0x07, 0x64, 0x62, 0xff, 0xd6, 0x10, 0x8c, 0x9a, 0xf9, 0x6f, 0x07, 0x49, 0x28, 0xfa, + 0x3c, 0x55, 0xb5, 0xc4, 0xdb, 0x79, 0xea, 0xd0, 0xec, 0xf6, 0x91, 0x93, 0xf1, 0xf2, 0x47, 0xcc, + 0xd0, 0xb6, 0x34, 0x4f, 0x6c, 0x76, 0x00, 0xdd, 0x85, 0xea, 0x3a, 0x8b, 0x6e, 0x2f, 0x17, 0x11, + 0x59, 0x90, 0x37, 0xa2, 0x7a, 0x99, 0xf1, 0xf8, 0x78, 0xce, 0x8f, 0xee, 0x90, 0x51, 0x3a, 0x65, + 0xca, 0x88, 0xc8, 0x14, 0xc9, 0x52, 0x0a, 0xa3, 0x9f, 0xa8, 0xaf, 0x1e, 0x42, 0xd4, 0xa7, 0x04, + 0xef, 0xd0, 0x43, 0x12, 0xbc, 0x2c, 0x53, 0x21, 0xd9, 0x60, 0xfa, 0x9b, 0x08, 0x21, 0x1f, 0x66, + 0x83, 0x60, 0x64, 0x2a, 0xa4, 0xc0, 0x38, 0x8b, 0x8f, 0x3e, 0xae, 0x44, 0x77, 0xad, 0x08, 0xbf, + 0xaa, 0x39, 0xa3, 0x8f, 0x5b, 0x6a, 0x7f, 0xb6, 0x04, 0x27, 0xe7, 0x82, 0xee, 0xf2, 0xdc, 0x72, + 0x77, 0xcd, 0xf7, 0xdc, 0xeb, 0x64, 0x87, 0x8a, 0xe6, 0x4d, 0xb2, 0x33, 0x3f, 0x2b, 0x56, 0x90, + 0x9a, 0x33, 0xd7, 0x69, 0x23, 0xe6, 0x30, 0x2a, 0x8c, 0xd6, 0xbd, 0xa0, 0x45, 0xa2, 0x4e, 0xe4, + 0x09, 0x97, 0xa7, 0x21, 0x8c, 0xae, 0x68, 0x10, 0x36, 0xf1, 0x28, 0xed, 0xf0, 0x6e, 0x40, 0xa2, + 0xac, 0x22, 0xbb, 0x44, 0x1b, 0x31, 0x87, 0x51, 0xa4, 0x24, 0xea, 0xc6, 0x89, 0x98, 0x8c, 0x0a, + 0x69, 0x95, 0x36, 0x62, 0x0e, 0xa3, 0x2b, 0x3d, 0xee, 0xae, 0xb1, 0xc0, 0x8d, 0x4c, 0xbc, 0xfa, + 0x0a, 0x6f, 0xc6, 0x12, 0x4e, 0x51, 0x37, 0xc9, 0xce, 0x2c, 0xb5, 0x7a, 0x33, 0x69, 0x2b, 0xd7, + 0x79, 0x33, 0x96, 0x70, 0x56, 0x0d, 0x2e, 0x3d, 0x1c, 0xdf, 0x73, 0xd5, 0xe0, 0xd2, 0xdd, 0xef, + 0x63, 0x3f, 0xff, 0x8a, 0x05, 0xa3, 0x66, 0xb8, 0x15, 0x6a, 0x65, 0x74, 0xdc, 0xa5, 0x9e, 0x62, + 0xa2, 0x3f, 0x96, 0x77, 0x73, 0x52, 0xcb, 0x4b, 0xc2, 0x4e, 0xfc, 0x3c, 0x09, 0x5a, 0x5e, 0x40, + 0xd8, 0x29, 0x3a, 0x0f, 0xd3, 0x4a, 0xc5, 0x72, 0xcd, 0x84, 0x4d, 0x72, 0x08, 0x25, 0xd9, 0xbe, + 0x0d, 0x63, 0x3d, 0xb9, 0x4a, 0x03, 0xa8, 0x16, 0xfb, 0x66, 0x8a, 0xda, 0x18, 0x46, 0x28, 0x61, + 0x59, 0x5a, 0x65, 0x06, 0xc6, 0xf8, 0x42, 0xa2, 0x9c, 0x56, 0xdc, 0x0d, 0xd2, 0x56, 0xf9, 0x67, + 0xcc, 0xbf, 0x7e, 0x2b, 0x0b, 0xc4, 0xbd, 0xf8, 0xf6, 0xe7, 0x2c, 0x38, 0x91, 0x4a, 0x1f, 0x2b, + 0x48, 0x09, 0x62, 0x2b, 0x2d, 0x64, 0xd1, 0x7f, 0x2c, 0x04, 0xba, 0xcc, 0x36, 0x53, 0xbd, 0xd2, + 0x34, 0x08, 0x9b, 0x78, 0xf6, 0x97, 0x4a, 0x50, 0x93, 0x11, 0x14, 0x03, 0x74, 0xe5, 0x33, 0x16, + 0x9c, 0x50, 0x67, 0x1a, 0xcc, 0x59, 0x56, 0x2a, 0x22, 0xd6, 0x9f, 0xf6, 0x40, 0x99, 0xdb, 0xc1, + 0x7a, 0xa8, 0x35, 0x72, 0x6c, 0x32, 0xc3, 0x69, 0xde, 0xe8, 0x16, 0x40, 0xbc, 0x13, 0x27, 0xa4, + 0x6d, 0xb8, 0xed, 0x6c, 0x63, 0xc5, 0x4d, 0xba, 0x61, 0x44, 0xe8, 0xfa, 0xba, 0x11, 0x36, 0xc9, + 0x8a, 0xc2, 0xd4, 0x2a, 0x94, 0x6e, 0xc3, 0x06, 0x25, 0xfb, 0xef, 0x96, 0xe0, 0x74, 0xb6, 0x4b, + 0xe8, 0x43, 0x30, 0x2a, 0xb9, 0x1b, 0xb7, 0x40, 0xc9, 0xb0, 0x91, 0x51, 0x6c, 0xc0, 0xee, 0xed, + 0x4e, 0x4c, 0xf4, 0xde, 0xc2, 0x35, 0x69, 0xa2, 0xe0, 0x14, 0x31, 0x7e, 0xb0, 0x24, 0x4e, 0x40, + 0x1b, 0x3b, 0xd3, 0x9d, 0x8e, 0x38, 0x1d, 0x32, 0x0e, 0x96, 0x4c, 0x28, 0xce, 0x60, 0xa3, 0x65, + 0x38, 0x6b, 0xb4, 0xdc, 0x20, 0x5e, 0x6b, 0x63, 0x2d, 0x8c, 0xa4, 0x65, 0xf5, 0x84, 0x0e, 0xec, + 0xea, 0xc5, 0xc1, 0xb9, 0x4f, 0xd2, 0xdd, 0xde, 0x75, 0x3a, 0x8e, 0xeb, 0x25, 0x3b, 0xc2, 0x0f, + 0xa9, 0x64, 0xd3, 0x8c, 0x68, 0xc7, 0x0a, 0xc3, 0x5e, 0x84, 0xca, 0x80, 0x33, 0x68, 0x20, 0x8d, + 0xfe, 0x55, 0xa8, 0x51, 0x72, 0x52, 0xbd, 0x2b, 0x82, 0x64, 0x08, 0x35, 0x79, 0x91, 0x03, 0xb2, + 0xa1, 0xec, 0x39, 0xf2, 0xec, 0x4e, 0xbd, 0xd6, 0x7c, 0x1c, 0x77, 0x99, 0x91, 0x4c, 0x81, 0xe8, + 0x69, 0x28, 0x93, 0xed, 0x4e, 0xf6, 0x90, 0xee, 0xf2, 0x76, 0xc7, 0x8b, 0x48, 0x4c, 0x91, 0xc8, + 0x76, 0x07, 0x5d, 0x80, 0x92, 0xd7, 0x14, 0x9b, 0x14, 0x08, 0x9c, 0xd2, 0xfc, 0x2c, 0x2e, 0x79, + 0x4d, 0x7b, 0x1b, 0xea, 0xea, 0xe6, 0x08, 0xb4, 0x29, 0x65, 0xb7, 0x55, 0x44, 0xc8, 0x93, 0xa4, + 0xdb, 0x47, 0x6a, 0x77, 0x01, 0x74, 0x1e, 0x5d, 0x51, 0xf2, 0xe5, 0x22, 0x54, 0xdc, 0x50, 0xe4, + 0xf8, 0xd6, 0x34, 0x19, 0x26, 0xb4, 0x19, 0xc4, 0xbe, 0x0d, 0x27, 0xaf, 0x07, 0xe1, 0x5d, 0x56, + 0x1a, 0x9b, 0x95, 0xb4, 0xa2, 0x84, 0xd7, 0xe9, 0x8f, 0xac, 0x8a, 0xc0, 0xa0, 0x98, 0xc3, 0x54, + 0xd9, 0xa3, 0x52, 0xbf, 0xb2, 0x47, 0xf6, 0x27, 0x2c, 0x38, 0xad, 0xb2, 0x81, 0xa4, 0x34, 0x7e, + 0x19, 0x46, 0xd7, 0xba, 0x9e, 0xdf, 0x94, 0x85, 0xb2, 0x32, 0x6e, 0x8a, 0x86, 0x01, 0xc3, 0x29, + 0x4c, 0x6a, 0x54, 0xad, 0x79, 0x81, 0x13, 0xed, 0x2c, 0x6b, 0xf1, 0xaf, 0x24, 0x42, 0x43, 0x41, + 0xb0, 0x81, 0x65, 0x7f, 0xc6, 0xec, 0x82, 0xc8, 0x3f, 0x1a, 0x60, 0x64, 0x6f, 0x42, 0xd5, 0x55, + 0x67, 0xbd, 0x87, 0x2a, 0xe6, 0xa7, 0xf2, 0xcb, 0x99, 0xbf, 0x9f, 0x53, 0xb3, 0xff, 0x49, 0x09, + 0x4e, 0xa4, 0x6a, 0x96, 0x20, 0x1f, 0x6a, 0xc4, 0x67, 0xae, 0x3c, 0x39, 0xc5, 0x8e, 0x5a, 0x2e, + 0x52, 0x2d, 0x8b, 0xcb, 0x82, 0x2e, 0x56, 0x1c, 0x1e, 0x8d, 0x23, 0xb5, 0x97, 0x61, 0x54, 0x76, + 0xe8, 0x83, 0x4e, 0xdb, 0x17, 0xab, 0x50, 0x4d, 0x80, 0xcb, 0x06, 0x0c, 0xa7, 0x30, 0xed, 0xdf, + 0x2d, 0xc3, 0x38, 0xf7, 0x7d, 0x36, 0x55, 0xd4, 0xcb, 0xa2, 0xd4, 0xb2, 0xfe, 0x82, 0xae, 0x2c, + 0xc4, 0x07, 0x72, 0xed, 0xa8, 0xd5, 0x99, 0xf3, 0x19, 0x0d, 0x14, 0x8f, 0xf1, 0x4b, 0x99, 0x78, + 0x0c, 0xbe, 0xd9, 0xb6, 0x8e, 0xa9, 0x47, 0xdf, 0x5b, 0x01, 0x1a, 0x7f, 0xab, 0x04, 0xa7, 0x32, + 0xa5, 0xaf, 0xd1, 0x17, 0xd2, 0x65, 0x1f, 0xad, 0x22, 0x3c, 0x64, 0xf7, 0xad, 0x86, 0x7c, 0xb0, + 0xe2, 0x8f, 0x0f, 0x69, 0xa9, 0xd8, 0x7f, 0x50, 0x82, 0x93, 0xe9, 0x9a, 0xdd, 0x8f, 0xe0, 0x48, + 0xbd, 0x1b, 0xea, 0xac, 0x2c, 0x2d, 0xbb, 0x67, 0x8c, 0x3b, 0xe2, 0x78, 0x29, 0x53, 0xd9, 0x88, + 0x35, 0xfc, 0x91, 0xa8, 0xa9, 0x69, 0xff, 0x6d, 0x0b, 0xce, 0xf1, 0xb7, 0xcc, 0xce, 0xc3, 0xbf, + 0x98, 0x37, 0xba, 0xaf, 0x17, 0xdb, 0xc1, 0x4c, 0x45, 0xac, 0xfd, 0xc6, 0x97, 0xdd, 0x6f, 0x24, + 0x7a, 0x9b, 0x9e, 0x0a, 0x8f, 0x60, 0x67, 0x0f, 0x34, 0x19, 0xec, 0x3f, 0x28, 0x83, 0xbe, 0xd2, + 0x09, 0x79, 0x22, 0xb3, 0xa9, 0x90, 0xca, 0x60, 0x2b, 0x3b, 0x81, 0xab, 0x2f, 0x8f, 0xaa, 0x65, + 0x12, 0x9b, 0x7e, 0xde, 0x82, 0x11, 0x2f, 0xf0, 0x12, 0xcf, 0x61, 0xca, 0x73, 0x31, 0x57, 0xd2, + 0x28, 0x76, 0xf3, 0x9c, 0x72, 0x18, 0x99, 0xde, 0x5b, 0xc5, 0x0c, 0x9b, 0x9c, 0xd1, 0x47, 0x44, + 0xc8, 0x64, 0xb9, 0xb0, 0x9c, 0xbc, 0x5a, 0x26, 0x4e, 0xb2, 0x03, 0xd5, 0x88, 0x24, 0x51, 0x41, + 0xa9, 0xac, 0x98, 0x92, 0x52, 0x45, 0x26, 0xf5, 0xe5, 0x9a, 0xb4, 0x19, 0x73, 0x46, 0x76, 0x0c, + 0xa8, 0x77, 0x2c, 0x0e, 0x18, 0x8e, 0x36, 0x05, 0x75, 0xa7, 0x9b, 0x84, 0x6d, 0x3a, 0x4c, 0xc2, + 0xc1, 0xac, 0x03, 0xee, 0x24, 0x00, 0x6b, 0x1c, 0xfb, 0x0b, 0x55, 0xc8, 0xa4, 0x1a, 0xa1, 0x6d, + 0xf3, 0x3a, 0x32, 0xab, 0xd8, 0xeb, 0xc8, 0x54, 0x67, 0xf2, 0xae, 0x24, 0x43, 0x2d, 0xa8, 0x76, + 0x36, 0x9c, 0x58, 0xea, 0xc6, 0xaf, 0xca, 0x61, 0x5a, 0xa6, 0x8d, 0xf7, 0x76, 0x27, 0x7e, 0x7c, + 0x30, 0x5f, 0x0b, 0x9d, 0xab, 0x53, 0x3c, 0x73, 0x5f, 0xb3, 0x66, 0x34, 0x30, 0xa7, 0x7f, 0x90, + 0x4b, 0x79, 0x3e, 0x29, 0x0a, 0x09, 0x63, 0x12, 0x77, 0xfd, 0x44, 0xcc, 0x86, 0x57, 0x0b, 0x5c, + 0x65, 0x9c, 0xb0, 0x4e, 0x92, 0xe5, 0xff, 0xb1, 0xc1, 0x14, 0x7d, 0x08, 0xea, 0x71, 0xe2, 0x44, + 0xc9, 0x21, 0xd3, 0xda, 0xd4, 0xa0, 0xaf, 0x48, 0x22, 0x58, 0xd3, 0x43, 0xaf, 0xb1, 0x42, 0x89, + 0x5e, 0xbc, 0x71, 0xc8, 0x48, 0x67, 0x59, 0x54, 0x51, 0x50, 0xc0, 0x06, 0x35, 0x6a, 0x7a, 0xb0, + 0xb9, 0xcd, 0xc3, 0x7b, 0x6a, 0xcc, 0xb6, 0x54, 0xa2, 0x10, 0x2b, 0x08, 0x36, 0xb0, 0xec, 0x1f, + 0x86, 0x74, 0x96, 0x37, 0x9a, 0x90, 0x49, 0xe5, 0xdc, 0xf7, 0xc4, 0x22, 0x96, 0x53, 0xf9, 0xdf, + 0xbf, 0x61, 0x81, 0x99, 0x8a, 0x8e, 0xde, 0xe4, 0x39, 0xef, 0x56, 0x11, 0xe7, 0x05, 0x06, 0xdd, + 0xc9, 0x45, 0xa7, 0x93, 0x39, 0xb8, 0x92, 0x89, 0xef, 0x17, 0xde, 0x0b, 0x35, 0x09, 0x3d, 0x90, + 0x52, 0xf7, 0x71, 0x38, 0x93, 0xbd, 0xac, 0x55, 0xf8, 0x9a, 0x5b, 0x51, 0xd8, 0xed, 0x64, 0x0d, + 0x49, 0x76, 0x99, 0x27, 0xe6, 0x30, 0x6a, 0x8e, 0x6d, 0x7a, 0x41, 0x33, 0x6b, 0x48, 0x5e, 0xf7, + 0x82, 0x26, 0x66, 0x90, 0x01, 0x2e, 0xa5, 0xfb, 0x4d, 0x0b, 0x2e, 0xee, 0x77, 0xa7, 0x2c, 0x7a, + 0x02, 0x2a, 0x77, 0x9d, 0x48, 0x56, 0xb0, 0x65, 0x82, 0xf2, 0xb6, 0x13, 0x05, 0x98, 0xb5, 0xa2, + 0x1d, 0x18, 0xe2, 0x31, 0x20, 0x42, 0x5b, 0x7f, 0xb5, 0xd8, 0x1b, 0x6e, 0xaf, 0x13, 0xc3, 0x5c, + 0xe0, 0xf1, 0x27, 0x58, 0x30, 0xb4, 0xbf, 0x63, 0x01, 0x5a, 0xda, 0x22, 0x51, 0xe4, 0x35, 0x8d, + 0xa8, 0x15, 0xf4, 0x22, 0x8c, 0xde, 0x59, 0x59, 0xba, 0xb1, 0x1c, 0x7a, 0x01, 0xab, 0xfa, 0x60, + 0x24, 0xb6, 0x5d, 0x33, 0xda, 0x71, 0x0a, 0x0b, 0xcd, 0xc0, 0xd8, 0x9d, 0x37, 0xa9, 0xf1, 0x6b, + 0x56, 0xcb, 0x2f, 0x69, 0x77, 0xe7, 0xb5, 0x57, 0x33, 0x40, 0xdc, 0x8b, 0x8f, 0x96, 0xe0, 0x5c, + 0x9b, 0x9b, 0x1b, 0xbc, 0xc8, 0x35, 0xb7, 0x3d, 0x54, 0x1a, 0xc9, 0xf9, 0xbd, 0xdd, 0x89, 0x73, + 0x8b, 0x79, 0x08, 0x38, 0xff, 0x39, 0xfb, 0xbd, 0x80, 0x78, 0xb0, 0xca, 0x4c, 0x5e, 0xe4, 0x41, + 0x5f, 0x4b, 0xdc, 0xfe, 0x6a, 0x15, 0x4e, 0x65, 0xea, 0x1b, 0x52, 0x53, 0xaf, 0x37, 0xd4, 0xe1, + 0xc8, 0xfb, 0x77, 0x6f, 0xf7, 0x06, 0x0a, 0x9e, 0x08, 0xa0, 0xea, 0x05, 0x9d, 0x6e, 0x52, 0x4c, + 0xe6, 0x18, 0xef, 0xc4, 0x3c, 0x25, 0x68, 0x38, 0x89, 0xe8, 0x5f, 0xcc, 0xd9, 0x14, 0x19, 0x8a, + 0x91, 0x52, 0xc6, 0x2b, 0x0f, 0xc9, 0x1d, 0xf0, 0x49, 0x1d, 0x18, 0x51, 0x2d, 0xe2, 0xa0, 0x3e, + 0x33, 0x59, 0x8e, 0xfb, 0x80, 0xed, 0xd7, 0x4b, 0x30, 0x62, 0x7c, 0x34, 0xf4, 0xcb, 0xe9, 0x42, + 0x2d, 0x56, 0x71, 0xaf, 0xc4, 0xe8, 0x4f, 0xea, 0x52, 0x2c, 0xfc, 0x95, 0x9e, 0xe9, 0xad, 0xd1, + 0x72, 0x6f, 0x77, 0xe2, 0x74, 0xa6, 0x0a, 0x4b, 0xaa, 0x6e, 0xcb, 0x85, 0x8f, 0xc1, 0xa9, 0x0c, + 0x99, 0x9c, 0x57, 0x5e, 0x4d, 0xdf, 0xc5, 0x7b, 0x44, 0xb7, 0x94, 0x39, 0x64, 0xdf, 0xa0, 0x43, + 0xa6, 0xaf, 0x68, 0x1f, 0xc0, 0x1d, 0x97, 0xc9, 0x91, 0x2b, 0x0d, 0x98, 0x23, 0xf7, 0x2c, 0xd4, + 0x3a, 0xa1, 0xef, 0xb9, 0x9e, 0x2a, 0xe9, 0xc5, 0xb2, 0xf2, 0x96, 0x45, 0x1b, 0x56, 0x50, 0x74, + 0x17, 0xea, 0xea, 0xda, 0x62, 0x11, 0x84, 0x58, 0x94, 0xab, 0x57, 0x29, 0x2d, 0xfa, 0x3a, 0x62, + 0xcd, 0x0b, 0xd9, 0x30, 0xc4, 0x36, 0x41, 0x19, 0xf0, 0xcb, 0x32, 0x38, 0xd9, 0xee, 0x18, 0x63, + 0x01, 0xb1, 0xbf, 0x5e, 0x87, 0xb3, 0x79, 0x45, 0x66, 0xd1, 0x47, 0x61, 0x88, 0xf7, 0xb1, 0x98, + 0x3a, 0xe6, 0x79, 0x3c, 0xe6, 0x18, 0x41, 0xd1, 0x2d, 0xf6, 0x1b, 0x0b, 0x9e, 0x82, 0xbb, 0xef, + 0xac, 0x89, 0x19, 0x72, 0x3c, 0xdc, 0x17, 0x1c, 0xcd, 0x7d, 0xc1, 0xe1, 0xdc, 0x7d, 0x67, 0x0d, + 0x6d, 0x43, 0xb5, 0xe5, 0x25, 0xc4, 0x11, 0x4e, 0x84, 0xdb, 0xc7, 0xc2, 0x9c, 0x38, 0x5c, 0x4b, + 0x63, 0x3f, 0x31, 0x67, 0x88, 0xbe, 0x66, 0xc1, 0xa9, 0xb5, 0x74, 0x42, 0xac, 0x10, 0x9e, 0xce, + 0x31, 0x14, 0x12, 0x4e, 0x33, 0xe2, 0x37, 0x52, 0x64, 0x1a, 0x71, 0xb6, 0x3b, 0xe8, 0x53, 0x16, + 0x0c, 0xaf, 0x7b, 0xbe, 0x51, 0x53, 0xf2, 0x18, 0x3e, 0xce, 0x15, 0xc6, 0x40, 0x5b, 0x1c, 0xfc, + 0x7f, 0x8c, 0x25, 0xe7, 0x7e, 0x3b, 0xd5, 0xd0, 0x51, 0x77, 0xaa, 0xe1, 0x87, 0xb4, 0x53, 0x7d, + 0xda, 0x82, 0xba, 0x1a, 0x69, 0x91, 0xe4, 0xf8, 0xa1, 0x63, 0xfc, 0xe4, 0xdc, 0x73, 0xa2, 0xfe, + 0x62, 0xcd, 0x1c, 0x7d, 0xd1, 0x82, 0x11, 0xe7, 0xad, 0x6e, 0x44, 0x9a, 0x64, 0x2b, 0xec, 0xc4, + 0xe2, 0x16, 0xa8, 0xd7, 0x8b, 0xef, 0xcc, 0x34, 0x65, 0x32, 0x4b, 0xb6, 0x96, 0x3a, 0xb1, 0x48, + 0x46, 0xd0, 0x0d, 0xd8, 0xec, 0x82, 0xbd, 0x5b, 0x82, 0x89, 0x7d, 0x28, 0xa0, 0x97, 0x61, 0x34, + 0x8c, 0x5a, 0x4e, 0xe0, 0xbd, 0x65, 0x66, 0xb8, 0x2b, 0x2d, 0x6b, 0xc9, 0x80, 0xe1, 0x14, 0xa6, + 0x99, 0x86, 0x59, 0xda, 0x27, 0x0d, 0xf3, 0x22, 0x54, 0x22, 0xd2, 0x09, 0xb3, 0xc6, 0x02, 0x0b, + 0x04, 0x66, 0x10, 0xf4, 0x24, 0x94, 0x9d, 0x8e, 0x27, 0xc2, 0x4f, 0x94, 0x0d, 0x34, 0xbd, 0x3c, + 0x8f, 0x69, 0x7b, 0x2a, 0x2b, 0xbc, 0xfa, 0x40, 0xb2, 0xc2, 0xe9, 0x36, 0x20, 0xce, 0x2e, 0x86, + 0xf4, 0x36, 0x90, 0x3e, 0x53, 0xb0, 0xbf, 0x52, 0x86, 0x27, 0xef, 0x3b, 0x5f, 0x74, 0xf4, 0x8d, + 0x75, 0x9f, 0xe8, 0x1b, 0x39, 0x3c, 0xa5, 0xfd, 0x86, 0xa7, 0xdc, 0x67, 0x78, 0x3e, 0x45, 0x97, + 0x81, 0xac, 0x0c, 0x50, 0xcc, 0x85, 0x44, 0xfd, 0x0a, 0x0d, 0x88, 0x15, 0x20, 0xa1, 0x58, 0xf3, + 0xa5, 0x36, 0x40, 0x2a, 0x05, 0xb1, 0x5a, 0xc4, 0x36, 0xd0, 0xb7, 0x52, 0x00, 0x9f, 0xfb, 0xfd, + 0xf2, 0x1a, 0xed, 0x5f, 0x28, 0xc1, 0xd3, 0x03, 0x48, 0x6f, 0x73, 0x16, 0x5b, 0x03, 0xce, 0xe2, + 0xef, 0xed, 0xcf, 0x64, 0xff, 0x25, 0x0b, 0x2e, 0xf4, 0xdf, 0x3c, 0xd0, 0x0b, 0x30, 0xb2, 0x16, + 0x39, 0x81, 0xbb, 0xc1, 0x2e, 0x59, 0x93, 0x83, 0xc2, 0xc6, 0x5a, 0x37, 0x63, 0x13, 0x87, 0x9a, + 0xb7, 0xbc, 0xb0, 0xbb, 0x81, 0x21, 0x53, 0xc6, 0xa8, 0x79, 0xbb, 0x9a, 0x05, 0xe2, 0x5e, 0x7c, + 0xfb, 0xcf, 0x4a, 0xf9, 0xdd, 0xe2, 0x4a, 0xc6, 0x41, 0xbe, 0x93, 0xf8, 0x0a, 0xa5, 0x01, 0x64, + 0x49, 0xf9, 0x41, 0xcb, 0x92, 0x4a, 0x3f, 0x59, 0x82, 0x66, 0xe1, 0xb4, 0x71, 0x1f, 0x01, 0x4f, + 0x03, 0xe4, 0x61, 0x76, 0x2a, 0x37, 0x7e, 0x39, 0x03, 0xc7, 0x3d, 0x4f, 0xa0, 0xe7, 0xa0, 0xe6, + 0x05, 0x31, 0x71, 0xbb, 0x11, 0x0f, 0xef, 0x34, 0x52, 0x2f, 0xe6, 0x45, 0x3b, 0x56, 0x18, 0xf6, + 0xaf, 0x94, 0xe0, 0x7c, 0x5f, 0x3d, 0xeb, 0x01, 0xc9, 0x2e, 0xf3, 0x73, 0x54, 0x1e, 0xcc, 0xe7, + 0x30, 0x07, 0xa9, 0xba, 0xef, 0x20, 0xfd, 0x61, 0xff, 0x89, 0x49, 0x75, 0xee, 0xef, 0xdb, 0x51, + 0x7a, 0x05, 0x4e, 0x38, 0x9d, 0x0e, 0xc7, 0x63, 0x51, 0x5a, 0x99, 0xda, 0x18, 0xd3, 0x26, 0x10, + 0xa7, 0x71, 0x07, 0xda, 0x3d, 0xff, 0xd8, 0x82, 0x3a, 0x26, 0xeb, 0x5c, 0x3a, 0xa0, 0x3b, 0x62, + 0x88, 0xac, 0x22, 0xaa, 0xe8, 0xd1, 0x81, 0x8d, 0x3d, 0x56, 0x5d, 0x2e, 0x6f, 0xb0, 0x7b, 0xef, + 0xad, 0x28, 0x1d, 0xe8, 0xde, 0x0a, 0x75, 0x73, 0x41, 0xb9, 0xff, 0xcd, 0x05, 0xf6, 0x37, 0x86, + 0xe9, 0xeb, 0x75, 0xc2, 0x99, 0x88, 0x34, 0x63, 0xfa, 0x7d, 0xbb, 0x91, 0x2f, 0x26, 0x89, 0xfa, + 0xbe, 0x37, 0xf1, 0x02, 0xa6, 0xed, 0xa9, 0xa3, 0x98, 0xd2, 0x81, 0x2a, 0x03, 0x94, 0xf7, 0xad, + 0x0c, 0xf0, 0x0a, 0x9c, 0x88, 0xe3, 0x8d, 0xe5, 0xc8, 0xdb, 0x72, 0x12, 0x72, 0x9d, 0xec, 0x08, + 0x2d, 0x4b, 0x67, 0xf3, 0xae, 0x5c, 0xd5, 0x40, 0x9c, 0xc6, 0x45, 0x73, 0x30, 0xa6, 0xf3, 0xf3, + 0x49, 0x94, 0xb0, 0x98, 0x5e, 0x3e, 0x13, 0x54, 0xea, 0x9e, 0xce, 0xe8, 0x17, 0x08, 0xb8, 0xf7, + 0x19, 0x2a, 0xdf, 0x52, 0x8d, 0xb4, 0x23, 0x43, 0x69, 0xf9, 0x96, 0xa2, 0x43, 0xfb, 0xd2, 0xf3, + 0x04, 0x5a, 0x84, 0x33, 0x7c, 0x62, 0x4c, 0x77, 0x3a, 0xc6, 0x1b, 0x0d, 0xa7, 0xab, 0x97, 0xcd, + 0xf5, 0xa2, 0xe0, 0xbc, 0xe7, 0xd0, 0x4b, 0x30, 0xa2, 0x9a, 0xe7, 0x67, 0xc5, 0x29, 0x82, 0xf2, + 0x62, 0x28, 0x32, 0xf3, 0x4d, 0x6c, 0xe2, 0xa1, 0x0f, 0xc2, 0xe3, 0xfa, 0x2f, 0x4f, 0xfc, 0xe0, + 0x47, 0x6b, 0xb3, 0xa2, 0xf4, 0x89, 0xaa, 0x93, 0x3f, 0x97, 0x8b, 0xd6, 0xc4, 0xfd, 0x9e, 0x47, + 0x6b, 0x70, 0x41, 0x81, 0x2e, 0x07, 0x09, 0x8b, 0xe2, 0x8e, 0x49, 0xc3, 0x89, 0xc9, 0xcd, 0xc8, + 0x67, 0xc5, 0x52, 0xea, 0xfa, 0x0a, 0xb3, 0x39, 0x2f, 0xb9, 0x9a, 0x87, 0x89, 0x17, 0xf0, 0x7d, + 0xa8, 0xa0, 0x29, 0xa8, 0x93, 0xc0, 0x59, 0xf3, 0xc9, 0xd2, 0xcc, 0x3c, 0x2b, 0xa1, 0x62, 0x9c, + 0xe4, 0x5d, 0x96, 0x00, 0xac, 0x71, 0x54, 0x5c, 0xd9, 0x68, 0xdf, 0xeb, 0xf4, 0x96, 0xe1, 0x6c, + 0xcb, 0xed, 0x50, 0xdd, 0xc3, 0x73, 0xc9, 0xb4, 0xcb, 0x62, 0xab, 0xe8, 0x87, 0xe1, 0x65, 0xe5, + 0x54, 0xd0, 0xe4, 0xdc, 0xcc, 0x72, 0x0f, 0x0e, 0xce, 0x7d, 0x92, 0xae, 0xb1, 0x4e, 0x14, 0x6e, + 0xef, 0x8c, 0x9f, 0x49, 0xaf, 0xb1, 0x65, 0xda, 0x88, 0x39, 0x0c, 0x5d, 0x03, 0xc4, 0x22, 0x70, + 0xaf, 0x26, 0x49, 0x47, 0x29, 0x3b, 0xe3, 0x67, 0xd9, 0x2b, 0x5d, 0x10, 0x4f, 0xa0, 0x2b, 0x3d, + 0x18, 0x38, 0xe7, 0x29, 0xfb, 0xdf, 0x5a, 0x70, 0x42, 0xad, 0xd7, 0x07, 0x10, 0x83, 0xee, 0xa7, + 0x63, 0xd0, 0xe7, 0x8e, 0x2e, 0xf1, 0x58, 0xcf, 0xfb, 0x04, 0x32, 0xfe, 0xec, 0x08, 0x80, 0x96, + 0x8a, 0x6a, 0x43, 0xb2, 0xfa, 0x6e, 0x48, 0x8f, 0xac, 0x44, 0xca, 0xab, 0x97, 0x50, 0x7d, 0xb8, + 0xf5, 0x12, 0x56, 0xe0, 0x9c, 0x54, 0x17, 0xf8, 0x59, 0xd1, 0xd5, 0x30, 0x56, 0x02, 0xae, 0xd6, + 0x78, 0x52, 0x10, 0x3a, 0x37, 0x9f, 0x87, 0x84, 0xf3, 0x9f, 0x4d, 0x69, 0x29, 0xc3, 0xfb, 0x69, + 0x29, 0x7a, 0x4d, 0x2f, 0xac, 0xcb, 0x82, 0xf8, 0x99, 0x35, 0xbd, 0x70, 0x65, 0x05, 0x6b, 0x9c, + 0x7c, 0xc1, 0x5e, 0x2f, 0x48, 0xb0, 0xc3, 0x81, 0x05, 0xbb, 0x14, 0x31, 0x23, 0x7d, 0x45, 0x8c, + 0xf4, 0x49, 0x8f, 0xf6, 0xf5, 0x49, 0xbf, 0x0f, 0x4e, 0x7a, 0xc1, 0x06, 0x89, 0xbc, 0x84, 0x34, + 0xd9, 0x5a, 0x60, 0xe2, 0xa7, 0xa6, 0xb7, 0xf5, 0xf9, 0x14, 0x14, 0x67, 0xb0, 0xd3, 0x72, 0xf1, + 0xe4, 0x00, 0x72, 0xb1, 0xcf, 0x6e, 0x74, 0xaa, 0x98, 0xdd, 0xe8, 0xf4, 0xd1, 0x77, 0xa3, 0xb1, + 0x63, 0xdd, 0x8d, 0x50, 0x21, 0xbb, 0xd1, 0x40, 0x82, 0xde, 0x30, 0xff, 0xce, 0xee, 0x63, 0xfe, + 0xf5, 0xdb, 0x8a, 0xce, 0x1d, 0x7a, 0x2b, 0xca, 0xdf, 0x65, 0x1e, 0x3b, 0xd4, 0x2e, 0xf3, 0xe9, + 0x12, 0x9c, 0xd3, 0x72, 0x98, 0xce, 0x7e, 0x6f, 0x9d, 0x4a, 0x22, 0x76, 0xa7, 0x0a, 0x3f, 0xb7, + 0x31, 0x52, 0x22, 0x74, 0x76, 0x85, 0x82, 0x60, 0x03, 0x8b, 0x65, 0x16, 0x90, 0x88, 0x15, 0xcf, + 0xcc, 0x0a, 0xe9, 0x19, 0xd1, 0x8e, 0x15, 0x06, 0x9d, 0x5f, 0xf4, 0xb7, 0xc8, 0xd6, 0xca, 0x96, + 0x88, 0x9a, 0xd1, 0x20, 0x6c, 0xe2, 0xa1, 0x67, 0x39, 0x13, 0x26, 0x20, 0xa8, 0xa0, 0x1e, 0x15, + 0x97, 0x2c, 0x4a, 0x99, 0xa0, 0xa0, 0xb2, 0x3b, 0x2c, 0x85, 0xa4, 0xda, 0xdb, 0x1d, 0x16, 0x02, + 0xa5, 0x30, 0xec, 0xff, 0x66, 0xc1, 0xf9, 0xdc, 0xa1, 0x78, 0x00, 0x9b, 0xef, 0x76, 0x7a, 0xf3, + 0x5d, 0x29, 0xca, 0xdc, 0x30, 0xde, 0xa2, 0xcf, 0x46, 0xfc, 0xaf, 0x2d, 0x38, 0xa9, 0xf1, 0x1f, + 0xc0, 0xab, 0x7a, 0xe9, 0x57, 0x2d, 0xce, 0xb2, 0xaa, 0xf7, 0xbc, 0xdb, 0xef, 0x96, 0x40, 0x95, + 0x6d, 0x9b, 0x76, 0x65, 0x51, 0xcc, 0x7d, 0x4e, 0x12, 0x77, 0x60, 0x88, 0x1d, 0x84, 0xc6, 0xc5, + 0x04, 0x79, 0xa4, 0xf9, 0xb3, 0x43, 0x55, 0x7d, 0xc8, 0xcc, 0xfe, 0xc6, 0x58, 0x30, 0x64, 0xa5, + 0x5d, 0xbd, 0x98, 0x4a, 0xf3, 0xa6, 0x48, 0xc6, 0xd0, 0xa5, 0x5d, 0x45, 0x3b, 0x56, 0x18, 0x74, + 0x7b, 0xf0, 0xdc, 0x30, 0x98, 0xf1, 0x9d, 0x58, 0x5e, 0x24, 0xa6, 0xb6, 0x87, 0x79, 0x09, 0xc0, + 0x1a, 0x87, 0x9d, 0x91, 0x7a, 0x71, 0xc7, 0x77, 0x76, 0x0c, 0xfb, 0xd9, 0xc8, 0x4a, 0x56, 0x20, + 0x6c, 0xe2, 0xd9, 0x6d, 0x18, 0x4f, 0xbf, 0xc4, 0x2c, 0x59, 0x67, 0x01, 0x8a, 0x03, 0x0d, 0xe7, + 0x14, 0xd4, 0x1d, 0xf6, 0xd4, 0x42, 0xd7, 0xc9, 0xde, 0xff, 0x3b, 0x2d, 0x01, 0x58, 0xe3, 0xd8, + 0xbf, 0x66, 0xc1, 0x99, 0x9c, 0x41, 0x2b, 0x30, 0xd9, 0x25, 0xd1, 0xd2, 0x26, 0x6f, 0x63, 0x7f, + 0x17, 0x0c, 0x37, 0xc9, 0xba, 0x23, 0x43, 0xe0, 0x0c, 0xd9, 0x3e, 0xcb, 0x9b, 0xb1, 0x84, 0xdb, + 0xff, 0xc5, 0x82, 0x53, 0xe9, 0xbe, 0xc6, 0x54, 0x3a, 0xf3, 0x97, 0x99, 0xf5, 0x62, 0x37, 0xdc, + 0x22, 0xd1, 0x0e, 0x7d, 0x73, 0xde, 0x6b, 0x25, 0x9d, 0xa7, 0x7b, 0x30, 0x70, 0xce, 0x53, 0xac, + 0x68, 0x63, 0x53, 0x8d, 0xb6, 0x9c, 0x91, 0xb7, 0x8a, 0x9c, 0x91, 0xfa, 0x63, 0x9a, 0xc7, 0xe5, + 0x8a, 0x25, 0x36, 0xf9, 0xdb, 0xdf, 0xa9, 0x80, 0xca, 0x86, 0x63, 0xf1, 0x47, 0x05, 0x45, 0x6f, + 0xa5, 0xee, 0x3c, 0x2a, 0x0f, 0x70, 0xe7, 0x91, 0x9c, 0x0c, 0x95, 0xfb, 0x05, 0x04, 0x70, 0x2f, + 0x89, 0xe9, 0xba, 0x54, 0x6f, 0xb8, 0xaa, 0x41, 0xd8, 0xc4, 0xa3, 0x3d, 0xf1, 0xbd, 0x2d, 0xc2, + 0x1f, 0x1a, 0x4a, 0xf7, 0x64, 0x41, 0x02, 0xb0, 0xc6, 0xa1, 0x3d, 0x69, 0x7a, 0xeb, 0xeb, 0xc2, + 0xe4, 0x57, 0x3d, 0xa1, 0xa3, 0x83, 0x19, 0x84, 0xd7, 0xe1, 0x0d, 0x37, 0x85, 0x16, 0x6c, 0xd4, + 0xe1, 0x0d, 0x37, 0x31, 0x83, 0x50, 0xbd, 0x2d, 0x08, 0xa3, 0x36, 0xbb, 0x9f, 0xb9, 0xa9, 0xb8, + 0x08, 0xed, 0x57, 0xe9, 0x6d, 0x37, 0x7a, 0x51, 0x70, 0xde, 0x73, 0x74, 0x06, 0x76, 0x22, 0xd2, + 0xf4, 0xdc, 0xc4, 0xa4, 0x06, 0xe9, 0x19, 0xb8, 0xdc, 0x83, 0x81, 0x73, 0x9e, 0x42, 0xd3, 0x70, + 0x4a, 0x66, 0x33, 0xca, 0x5a, 0x15, 0x23, 0xe9, 0xdc, 0x78, 0x9c, 0x06, 0xe3, 0x2c, 0x3e, 0x95, + 0x6a, 0x6d, 0x51, 0xa6, 0x86, 0x29, 0xcb, 0x86, 0x54, 0x93, 0xe5, 0x6b, 0xb0, 0xc2, 0xb0, 0x3f, + 0x59, 0xa6, 0xbb, 0x70, 0x9f, 0xf2, 0x4c, 0x0f, 0x2c, 0x5a, 0x30, 0x3d, 0x23, 0x2b, 0x03, 0xcc, + 0xc8, 0x17, 0x61, 0xf4, 0x4e, 0x1c, 0x06, 0x2a, 0x12, 0xaf, 0xda, 0x37, 0x12, 0xcf, 0xc0, 0xca, + 0x8f, 0xc4, 0x1b, 0x2a, 0x2a, 0x12, 0x6f, 0xf8, 0x90, 0x91, 0x78, 0xdf, 0xaa, 0x82, 0xba, 0x10, + 0xe0, 0x06, 0x49, 0xee, 0x86, 0xd1, 0xa6, 0x17, 0xb4, 0x58, 0x16, 0xe8, 0xd7, 0x2c, 0x18, 0xe5, + 0xeb, 0x65, 0xc1, 0xcc, 0xa4, 0x5a, 0x2f, 0xa8, 0xd2, 0x7c, 0x8a, 0xd9, 0xe4, 0xaa, 0xc1, 0x28, + 0x73, 0x8f, 0x9d, 0x09, 0xc2, 0xa9, 0x1e, 0xa1, 0x8f, 0x01, 0x48, 0xff, 0xe8, 0xba, 0x14, 0x99, + 0xf3, 0xc5, 0xf4, 0x0f, 0x93, 0x75, 0xad, 0x03, 0xaf, 0x2a, 0x26, 0xd8, 0x60, 0x88, 0x3e, 0x9d, + 0xbd, 0xbf, 0xfe, 0x23, 0xc7, 0x32, 0x36, 0x83, 0xe4, 0x98, 0x61, 0x18, 0xf6, 0x82, 0x16, 0x9d, + 0x27, 0x22, 0x62, 0xe9, 0x87, 0xf2, 0x32, 0xa8, 0x17, 0x42, 0xa7, 0xd9, 0x70, 0x7c, 0x27, 0x70, + 0x49, 0x34, 0xcf, 0xd1, 0xcd, 0xdb, 0x5b, 0x59, 0x03, 0x96, 0x84, 0x7a, 0xae, 0x52, 0xa8, 0x0e, + 0x72, 0x95, 0xc2, 0x85, 0xf7, 0xc3, 0x58, 0xcf, 0xc7, 0x3c, 0x50, 0x4a, 0xd9, 0xe1, 0xb3, 0xd1, + 0xec, 0x7f, 0x3a, 0xa4, 0x37, 0xad, 0x1b, 0x61, 0x93, 0x17, 0xf4, 0x8f, 0xf4, 0x17, 0x15, 0x3a, + 0x6e, 0x81, 0x53, 0xc4, 0xb8, 0x01, 0x56, 0x35, 0x62, 0x93, 0x25, 0x9d, 0xa3, 0x1d, 0x27, 0x22, + 0xc1, 0x71, 0xcf, 0xd1, 0x65, 0xc5, 0x04, 0x1b, 0x0c, 0xd1, 0x46, 0x2a, 0xa7, 0xe4, 0xca, 0xd1, + 0x73, 0x4a, 0x58, 0x6d, 0x99, 0xbc, 0x1a, 0xdc, 0x5f, 0xb4, 0xe0, 0x64, 0x90, 0x9a, 0xb9, 0xc5, + 0x84, 0x91, 0xe6, 0xaf, 0x0a, 0x7e, 0x9f, 0x4c, 0xba, 0x0d, 0x67, 0xf8, 0xe7, 0x6d, 0x69, 0xd5, + 0x03, 0x6e, 0x69, 0xfa, 0x66, 0x90, 0xa1, 0x7e, 0x37, 0x83, 0xa0, 0x40, 0x5d, 0x8d, 0x34, 0x5c, + 0xf8, 0xd5, 0x48, 0x90, 0x73, 0x2d, 0xd2, 0x6d, 0xa8, 0xbb, 0x11, 0x71, 0x92, 0x43, 0xde, 0x92, + 0xc3, 0x0e, 0xe8, 0x67, 0x24, 0x01, 0xac, 0x69, 0xd9, 0xff, 0xab, 0x02, 0xa7, 0xe5, 0x88, 0xc8, + 0x10, 0x74, 0xba, 0x3f, 0x72, 0xbe, 0x5a, 0xb9, 0x55, 0xfb, 0xe3, 0x55, 0x09, 0xc0, 0x1a, 0x87, + 0xea, 0x63, 0xdd, 0x98, 0x2c, 0x75, 0x48, 0xb0, 0xe0, 0xad, 0xc5, 0xe2, 0x9c, 0x53, 0x2d, 0x94, + 0x9b, 0x1a, 0x84, 0x4d, 0x3c, 0xaa, 0x8c, 0x73, 0xbd, 0x38, 0xce, 0xa6, 0xaf, 0x08, 0x7d, 0x1b, + 0x4b, 0x38, 0xfa, 0xc5, 0xdc, 0x7a, 0x91, 0xc5, 0x24, 0x6e, 0xf5, 0x44, 0xde, 0x1f, 0xf0, 0x62, + 0xb5, 0xbf, 0x61, 0xc1, 0x39, 0xde, 0x2a, 0x47, 0xf2, 0x66, 0xa7, 0xe9, 0x24, 0x24, 0x2e, 0xa6, + 0x7e, 0x73, 0x4e, 0xff, 0xb4, 0x93, 0x37, 0x8f, 0x2d, 0xce, 0xef, 0x0d, 0xfa, 0x82, 0x05, 0xa7, + 0x36, 0x53, 0x99, 0xfe, 0x72, 0xeb, 0x38, 0x62, 0x4d, 0x9a, 0x74, 0xf9, 0x00, 0xbd, 0xd4, 0xd2, + 0xed, 0x31, 0xce, 0x72, 0xb7, 0xff, 0xcc, 0x02, 0x53, 0x8c, 0x0e, 0xa6, 0x01, 0x1a, 0x57, 0xd9, + 0x96, 0xf6, 0xb9, 0xca, 0x56, 0x2a, 0x8b, 0xe5, 0xc1, 0x8c, 0x93, 0xca, 0x01, 0x8c, 0x93, 0x6a, + 0x5f, 0xed, 0xf2, 0x49, 0x28, 0x77, 0xbd, 0xa6, 0xb0, 0x2f, 0xf4, 0xe9, 0xeb, 0xfc, 0x2c, 0xa6, + 0xed, 0xf6, 0x3f, 0xaa, 0x6a, 0xbf, 0x85, 0xc8, 0x8b, 0xfa, 0xbe, 0x78, 0xed, 0x75, 0x55, 0x62, + 0x88, 0xbf, 0xf9, 0x8d, 0x9e, 0x12, 0x43, 0x3f, 0x7a, 0xf0, 0xb4, 0x37, 0x3e, 0x40, 0xfd, 0x2a, + 0x0c, 0x0d, 0xef, 0x93, 0xf3, 0x76, 0x07, 0x6a, 0xd4, 0x04, 0x63, 0x0e, 0xc8, 0x5a, 0xaa, 0x53, + 0xb5, 0xab, 0xa2, 0xfd, 0xde, 0xee, 0xc4, 0x8f, 0x1c, 0xbc, 0x5b, 0xf2, 0x69, 0xac, 0xe8, 0xa3, + 0x18, 0xea, 0xf4, 0x37, 0x4b, 0xcf, 0x13, 0xc6, 0xdd, 0x4d, 0x25, 0x33, 0x25, 0xa0, 0x90, 0xdc, + 0x3f, 0xcd, 0x07, 0x05, 0x50, 0x67, 0x77, 0x50, 0x32, 0xa6, 0xdc, 0x06, 0x5c, 0x56, 0x49, 0x72, + 0x12, 0x70, 0x6f, 0x77, 0xe2, 0x95, 0x83, 0x33, 0x55, 0x8f, 0x63, 0xcd, 0xc2, 0xfe, 0x52, 0x45, + 0xcf, 0x5d, 0x51, 0x59, 0xea, 0xfb, 0x62, 0xee, 0xbe, 0x9c, 0x99, 0xbb, 0x17, 0x7b, 0xe6, 0xee, + 0x49, 0x7d, 0x57, 0x62, 0x6a, 0x36, 0x3e, 0x68, 0x45, 0x60, 0x7f, 0x7f, 0x03, 0xd3, 0x80, 0xde, + 0xec, 0x7a, 0x11, 0x89, 0x97, 0xa3, 0x6e, 0xe0, 0x05, 0x2d, 0x71, 0x07, 0xbe, 0xa1, 0x01, 0xa5, + 0xc0, 0x38, 0x8b, 0xcf, 0xee, 0xcf, 0xdf, 0x09, 0xdc, 0xdb, 0xce, 0x16, 0x9f, 0x55, 0x46, 0xb1, + 0x9d, 0x15, 0xd1, 0x8e, 0x15, 0x86, 0xfd, 0x0d, 0x76, 0x96, 0x6d, 0xe4, 0x05, 0xd3, 0x39, 0xe1, + 0xb3, 0x4b, 0x3f, 0x79, 0xa5, 0x1e, 0x35, 0x27, 0xf8, 0x4d, 0x9f, 0x1c, 0x86, 0xee, 0xc2, 0xf0, + 0x1a, 0xbf, 0xf5, 0xaa, 0x98, 0xaa, 0xc4, 0xe2, 0x0a, 0x2d, 0x76, 0xb7, 0x81, 0xbc, 0x4f, 0xeb, + 0x9e, 0xfe, 0x89, 0x25, 0x37, 0xfb, 0x9b, 0x15, 0x38, 0x95, 0xb9, 0x16, 0x32, 0x55, 0x23, 0xb1, + 0xb4, 0x6f, 0x8d, 0xc4, 0x0f, 0x03, 0x34, 0x49, 0xc7, 0x0f, 0x77, 0x98, 0x3a, 0x56, 0x39, 0xb0, + 0x3a, 0xa6, 0x34, 0xf8, 0x59, 0x45, 0x05, 0x1b, 0x14, 0x45, 0x79, 0x22, 0x5e, 0x72, 0x31, 0x53, + 0x9e, 0xc8, 0xa8, 0x5d, 0x3e, 0xf4, 0x60, 0x6b, 0x97, 0x7b, 0x70, 0x8a, 0x77, 0x51, 0x65, 0xdf, + 0x1e, 0x22, 0xc9, 0x96, 0xe5, 0x2f, 0xcc, 0xa6, 0xc9, 0xe0, 0x2c, 0xdd, 0x87, 0x79, 0xeb, 0x2b, + 0x7a, 0x37, 0xd4, 0xe5, 0x77, 0x8e, 0xc7, 0xeb, 0xba, 0x82, 0x81, 0x9c, 0x06, 0xec, 0x36, 0x56, + 0xf1, 0xd3, 0xfe, 0x7c, 0x89, 0x6a, 0xcf, 0xfc, 0x9f, 0xaa, 0x44, 0xf3, 0x0c, 0x0c, 0x39, 0xdd, + 0x64, 0x23, 0xec, 0xb9, 0x39, 0x6b, 0x9a, 0xb5, 0x62, 0x01, 0x45, 0x0b, 0x50, 0x69, 0xea, 0xea, + 0x22, 0x07, 0x19, 0x45, 0xed, 0x88, 0x74, 0x12, 0x82, 0x19, 0x15, 0xf4, 0x04, 0x54, 0x12, 0xa7, + 0x25, 0x13, 0x9d, 0x58, 0x72, 0xeb, 0xaa, 0xd3, 0x8a, 0x31, 0x6b, 0x35, 0x37, 0xcd, 0xca, 0x3e, + 0x9b, 0xe6, 0x2b, 0x70, 0x22, 0xf6, 0x5a, 0x81, 0x93, 0x74, 0x23, 0x62, 0x1c, 0xae, 0xe9, 0x78, + 0x09, 0x13, 0x88, 0xd3, 0xb8, 0xf6, 0x6f, 0x8d, 0xc2, 0xd9, 0x95, 0x99, 0x45, 0x59, 0x29, 0xf7, + 0xd8, 0x72, 0x95, 0xf2, 0x78, 0x3c, 0xb8, 0x5c, 0xa5, 0x3e, 0xdc, 0x7d, 0x23, 0x57, 0xc9, 0x37, + 0x72, 0x95, 0xd2, 0x89, 0x23, 0xe5, 0x22, 0x12, 0x47, 0xf2, 0x7a, 0x30, 0x48, 0xe2, 0xc8, 0xb1, + 0x25, 0x2f, 0xdd, 0xb7, 0x43, 0x07, 0x4a, 0x5e, 0x52, 0x99, 0x5d, 0x85, 0x84, 0xf4, 0xf7, 0xf9, + 0x54, 0xb9, 0x99, 0x5d, 0x2a, 0xab, 0x86, 0xa7, 0xab, 0x08, 0x01, 0xfb, 0x7a, 0xf1, 0x1d, 0x18, + 0x20, 0xab, 0x46, 0x64, 0xcc, 0x98, 0x99, 0x5c, 0xc3, 0x45, 0x64, 0x72, 0xe5, 0x75, 0x67, 0xdf, + 0x4c, 0xae, 0x57, 0xe0, 0x84, 0xeb, 0x87, 0x01, 0x59, 0x8e, 0xc2, 0x24, 0x74, 0x43, 0x5f, 0x28, + 0xd3, 0x4a, 0x24, 0xcc, 0x98, 0x40, 0x9c, 0xc6, 0xed, 0x97, 0x06, 0x56, 0x3f, 0x6a, 0x1a, 0x18, + 0x3c, 0xa4, 0x34, 0xb0, 0x9f, 0xd3, 0x09, 0xcb, 0x23, 0xec, 0x8b, 0x7c, 0xb8, 0xf8, 0x2f, 0x32, + 0x48, 0xd6, 0x32, 0xfa, 0x0a, 0xbf, 0xba, 0x8a, 0xaa, 0xa3, 0x33, 0x61, 0x9b, 0xaa, 0x5b, 0xa3, + 0x6c, 0x48, 0xde, 0x38, 0x86, 0x09, 0x7b, 0x7b, 0x45, 0xb3, 0x51, 0xd7, 0x59, 0xe9, 0x26, 0x9c, + 0xee, 0xc8, 0x51, 0x12, 0xaa, 0xbf, 0x5a, 0x82, 0x1f, 0xd8, 0xb7, 0x0b, 0xe8, 0x2e, 0x40, 0xe2, + 0xb4, 0xc4, 0x44, 0x15, 0xc7, 0x14, 0x47, 0x0c, 0x6a, 0x5c, 0x95, 0xf4, 0x78, 0x25, 0x10, 0xf5, + 0x97, 0x1d, 0x00, 0xc8, 0xdf, 0x2c, 0x96, 0x31, 0xf4, 0x7b, 0xaa, 0x1e, 0xe2, 0xd0, 0x27, 0x98, + 0x41, 0xe8, 0xf6, 0x1f, 0x91, 0x96, 0xbe, 0x6b, 0x55, 0x7d, 0x3e, 0xcc, 0x5a, 0xb1, 0x80, 0xa2, + 0x97, 0x60, 0xc4, 0xf1, 0x7d, 0x9e, 0x95, 0x42, 0x62, 0x71, 0x77, 0x85, 0xae, 0xdc, 0xa6, 0x41, + 0xd8, 0xc4, 0xb3, 0xff, 0xb4, 0x04, 0x13, 0xfb, 0xc8, 0x94, 0x9e, 0x3c, 0xbb, 0xea, 0xc0, 0x79, + 0x76, 0x22, 0x33, 0x60, 0xa8, 0x4f, 0x66, 0xc0, 0x4b, 0x30, 0x92, 0x10, 0xa7, 0x2d, 0xc2, 0xa0, + 0x84, 0xfd, 0xad, 0xcf, 0x5d, 0x35, 0x08, 0x9b, 0x78, 0x54, 0x8a, 0x9d, 0x74, 0x5c, 0x97, 0xc4, + 0xb1, 0x0c, 0xfd, 0x17, 0x3e, 0xcc, 0xc2, 0xf2, 0x0a, 0x98, 0x6b, 0x78, 0x3a, 0xc5, 0x02, 0x67, + 0x58, 0x66, 0x07, 0xbc, 0x3e, 0xe0, 0x80, 0x7f, 0xbd, 0x04, 0x4f, 0xde, 0x77, 0x77, 0x1b, 0x38, + 0x2b, 0xa3, 0x1b, 0x93, 0x28, 0x3b, 0x71, 0x6e, 0xc6, 0x24, 0xc2, 0x0c, 0xc2, 0x47, 0xa9, 0xd3, + 0x31, 0xee, 0xb2, 0x2d, 0x3a, 0x65, 0x88, 0x8f, 0x52, 0x8a, 0x05, 0xce, 0xb0, 0x3c, 0xec, 0xb4, + 0xfc, 0x3b, 0x25, 0x78, 0x7a, 0x00, 0x1d, 0xa0, 0xc0, 0xd4, 0xaa, 0x74, 0x82, 0x5b, 0xf9, 0x21, + 0xe5, 0x21, 0x1e, 0x72, 0xb8, 0xbe, 0x51, 0x82, 0x0b, 0xfd, 0xb7, 0x62, 0xf4, 0x63, 0xd4, 0x86, + 0x97, 0xb1, 0x4f, 0x66, 0x6e, 0xdc, 0x19, 0x6e, 0xbf, 0xa7, 0x40, 0x38, 0x8b, 0x8b, 0x26, 0x01, + 0x3a, 0x4e, 0xb2, 0x11, 0x5f, 0xde, 0xf6, 0xe2, 0x44, 0xd4, 0x7e, 0x39, 0xc9, 0x4f, 0x8c, 0x64, + 0x2b, 0x36, 0x30, 0x28, 0x3b, 0xf6, 0x6f, 0x36, 0xbc, 0x11, 0x26, 0xfc, 0x21, 0x6e, 0x46, 0x9c, + 0x91, 0xf5, 0xf1, 0x0d, 0x10, 0xce, 0xe2, 0x52, 0x76, 0xec, 0x4c, 0x92, 0x77, 0x94, 0xdb, 0x17, + 0x8c, 0xdd, 0x82, 0x6a, 0xc5, 0x06, 0x46, 0x36, 0xeb, 0xaf, 0xba, 0x7f, 0xd6, 0x9f, 0xfd, 0x0f, + 0x4b, 0x70, 0xbe, 0xaf, 0x2a, 0x37, 0xd8, 0x02, 0x7c, 0xf4, 0x32, 0xf5, 0x0e, 0x37, 0x77, 0x0e, + 0x98, 0x51, 0xf6, 0xc7, 0x7d, 0x66, 0x9a, 0xc8, 0x28, 0x3b, 0x7c, 0x4a, 0xf6, 0xa3, 0x37, 0x9e, + 0x3d, 0x49, 0x64, 0x95, 0x03, 0x24, 0x91, 0x65, 0x3e, 0x46, 0x75, 0xc0, 0x85, 0xfc, 0x7b, 0xe5, + 0xbe, 0xc3, 0x4b, 0x4d, 0xbf, 0x81, 0xbc, 0xa3, 0xb3, 0x70, 0xda, 0x0b, 0xd8, 0x5d, 0x29, 0x2b, + 0xdd, 0x35, 0x51, 0x0e, 0xa4, 0x94, 0xbe, 0xa9, 0x78, 0x3e, 0x03, 0xc7, 0x3d, 0x4f, 0x3c, 0x82, + 0x49, 0x7d, 0x87, 0x1b, 0xd2, 0x83, 0xa5, 0x95, 0xa2, 0x25, 0x38, 0x27, 0x87, 0x62, 0xc3, 0x89, + 0x48, 0x53, 0x6c, 0x23, 0xb1, 0x48, 0x63, 0x38, 0xcf, 0x53, 0x21, 0x72, 0x10, 0x70, 0xfe, 0x73, + 0xf6, 0x87, 0xa1, 0xae, 0x5e, 0x8d, 0xc7, 0x49, 0xab, 0xf9, 0xd4, 0x13, 0x27, 0xad, 0x26, 0x93, + 0x81, 0x45, 0x3f, 0x04, 0xd5, 0x76, 0x33, 0x0b, 0xe3, 0x3a, 0xd9, 0x61, 0xaa, 0xaf, 0xfd, 0x1e, + 0x18, 0x55, 0x2e, 0x94, 0x41, 0xef, 0xe3, 0xb0, 0xbf, 0x34, 0x04, 0x27, 0x52, 0xd5, 0xf6, 0x52, + 0x1e, 0x4b, 0x6b, 0x5f, 0x8f, 0x25, 0x8b, 0x7b, 0xef, 0x06, 0xf2, 0xb2, 0x1e, 0x23, 0xee, 0xbd, + 0x1b, 0x10, 0xcc, 0x61, 0x54, 0x73, 0x6d, 0x46, 0x3b, 0xb8, 0x1b, 0x88, 0xf8, 0x54, 0xa5, 0xb9, + 0xce, 0xb2, 0x56, 0x2c, 0xa0, 0xe8, 0x13, 0x16, 0x8c, 0xc6, 0xcc, 0x1d, 0xce, 0xfd, 0xbd, 0x62, + 0x3e, 0x5d, 0x3b, 0x7a, 0x31, 0x41, 0x55, 0x59, 0x92, 0x85, 0x9c, 0x98, 0x2d, 0x38, 0xc5, 0x11, + 0xfd, 0x8c, 0x05, 0x75, 0x75, 0xa7, 0x80, 0xb8, 0x51, 0x6b, 0xa5, 0xd8, 0x62, 0x86, 0xdc, 0x51, + 0xa8, 0x4e, 0x16, 0xf4, 0x25, 0xe1, 0x9a, 0x31, 0x8a, 0x95, 0x33, 0x76, 0xf8, 0x78, 0x9c, 0xb1, + 0x90, 0xe3, 0x88, 0x7d, 0x37, 0xd4, 0xdb, 0x4e, 0xe0, 0xad, 0x93, 0x38, 0xe1, 0xfe, 0x51, 0x59, + 0x63, 0x55, 0x36, 0x62, 0x0d, 0xa7, 0x7b, 0x6d, 0xcc, 0x5e, 0x2c, 0x31, 0x1c, 0x9a, 0x6c, 0xaf, + 0x5d, 0xd1, 0xcd, 0xd8, 0xc4, 0x31, 0xbd, 0xaf, 0xf0, 0x50, 0xbd, 0xaf, 0x23, 0xfb, 0x78, 0x5f, + 0xff, 0x9e, 0x05, 0xe7, 0x72, 0xbf, 0xda, 0xa3, 0x1b, 0x49, 0x68, 0x7f, 0xb9, 0x0a, 0x67, 0x72, + 0xca, 0x66, 0xa2, 0x1d, 0x73, 0x3e, 0x5b, 0x45, 0x1c, 0xca, 0xa7, 0xcf, 0x98, 0xe5, 0x30, 0xe6, + 0x4c, 0xe2, 0x83, 0x9d, 0x7d, 0xe8, 0xf3, 0x87, 0xf2, 0x83, 0x3d, 0x7f, 0x30, 0xa6, 0x65, 0xe5, + 0xa1, 0x4e, 0xcb, 0xea, 0xfd, 0xa7, 0x25, 0xfa, 0x75, 0x0b, 0xc6, 0xdb, 0x7d, 0x6a, 0xb5, 0x0b, + 0x9f, 0xe2, 0xad, 0xe3, 0xa9, 0x04, 0xdf, 0x78, 0x62, 0x6f, 0x77, 0xa2, 0x6f, 0x89, 0x7c, 0xdc, + 0xb7, 0x57, 0xf6, 0x77, 0xca, 0xc0, 0x6a, 0xb6, 0xb2, 0xd2, 0x68, 0x3b, 0xe8, 0xe3, 0x66, 0xf5, + 0x5d, 0xab, 0xa8, 0x4a, 0xb1, 0x9c, 0xb8, 0xaa, 0xde, 0xcb, 0x47, 0x30, 0xaf, 0x98, 0x6f, 0x56, + 0x68, 0x95, 0x06, 0x10, 0x5a, 0xbe, 0x2c, 0x73, 0x5c, 0x2e, 0xbe, 0xcc, 0x71, 0x3d, 0x5b, 0xe2, + 0xf8, 0xfe, 0x9f, 0xb8, 0xf2, 0x48, 0x7e, 0xe2, 0xbf, 0x66, 0x71, 0xc1, 0x93, 0xf9, 0x0a, 0x5a, + 0x33, 0xb0, 0xee, 0xa3, 0x19, 0x3c, 0xc7, 0xae, 0x7b, 0x5f, 0xbf, 0x4a, 0x1c, 0x5f, 0x68, 0x10, + 0xe6, 0xcd, 0xed, 0xac, 0x1d, 0x2b, 0x0c, 0x76, 0xfb, 0xa1, 0xef, 0x87, 0x77, 0x2f, 0xb7, 0x3b, + 0xc9, 0x8e, 0xd0, 0x25, 0xf4, 0xed, 0x87, 0x0a, 0x82, 0x0d, 0x2c, 0xfb, 0xaf, 0x97, 0xf8, 0x0c, + 0x14, 0x51, 0x05, 0x2f, 0x67, 0xee, 0xab, 0x1a, 0xfc, 0x40, 0xfe, 0xa3, 0x00, 0xae, 0xba, 0xe9, + 0x59, 0x1c, 0xf7, 0x5c, 0x3d, 0xf2, 0x35, 0xb4, 0x82, 0x9e, 0x7e, 0x0d, 0xdd, 0x86, 0x0d, 0x7e, + 0x29, 0x59, 0x5a, 0xde, 0x57, 0x96, 0xa6, 0xc4, 0x4a, 0x65, 0x9f, 0xdd, 0xee, 0x4f, 0x2d, 0x48, + 0x69, 0x44, 0xa8, 0x03, 0x55, 0xda, 0xdd, 0x9d, 0x62, 0x2e, 0xb1, 0x36, 0x49, 0x53, 0xd1, 0x28, + 0xa6, 0x3d, 0xfb, 0x89, 0x39, 0x23, 0xe4, 0x8b, 0xe0, 0x83, 0x52, 0x11, 0x17, 0xad, 0x9b, 0x0c, + 0xaf, 0x86, 0xe1, 0x26, 0x3f, 0xb3, 0xd4, 0x81, 0x0c, 0xf6, 0xcb, 0x30, 0xd6, 0xd3, 0x29, 0x76, + 0x35, 0x4d, 0x28, 0x6f, 0xee, 0x36, 0xa6, 0x2b, 0xcb, 0x88, 0xc4, 0x1c, 0x66, 0x7f, 0xc3, 0x82, + 0xd3, 0x59, 0xf2, 0xe8, 0x2b, 0x16, 0x8c, 0xc5, 0x59, 0x7a, 0xc7, 0x35, 0x76, 0x2a, 0x80, 0xb0, + 0x07, 0x84, 0x7b, 0x3b, 0x61, 0xff, 0x6f, 0x31, 0xf9, 0x6f, 0x7b, 0x41, 0x33, 0xbc, 0xab, 0x14, + 0x13, 0xab, 0xaf, 0x62, 0x42, 0xd7, 0xa3, 0xbb, 0x41, 0x9a, 0x5d, 0xbf, 0x27, 0x15, 0x73, 0x45, + 0xb4, 0x63, 0x85, 0xc1, 0x32, 0xcf, 0xba, 0xa2, 0x0e, 0x7a, 0x66, 0x52, 0xce, 0x8a, 0x76, 0xac, + 0x30, 0xd0, 0x8b, 0x30, 0x6a, 0xde, 0x4e, 0x2f, 0xe6, 0x25, 0x53, 0xc8, 0xcd, 0x8b, 0xec, 0x71, + 0x0a, 0x0b, 0x4d, 0x02, 0x28, 0x25, 0x47, 0x6e, 0x91, 0xcc, 0x07, 0xa4, 0x24, 0x51, 0x8c, 0x0d, + 0x0c, 0x96, 0xe7, 0xc9, 0xaf, 0x80, 0x97, 0x61, 0xb6, 0x3c, 0xcf, 0x53, 0xb4, 0x61, 0x05, 0xa5, + 0xd2, 0xa4, 0xed, 0x04, 0x5d, 0xc7, 0xa7, 0x23, 0x24, 0xac, 0x3a, 0xb5, 0x0c, 0x17, 0x15, 0x04, + 0x1b, 0x58, 0xf4, 0x8d, 0x13, 0xaf, 0x4d, 0x5e, 0x0b, 0x03, 0x19, 0xf8, 0xa5, 0x4f, 0x74, 0x44, + 0x3b, 0x56, 0x18, 0xf6, 0x7f, 0xb2, 0xe0, 0x94, 0xce, 0x1a, 0xe7, 0x97, 0xd0, 0x9a, 0x46, 0xa8, + 0xb5, 0xaf, 0x11, 0x9a, 0x4e, 0xa7, 0x2d, 0x0d, 0x94, 0x4e, 0x6b, 0x66, 0xba, 0x96, 0xef, 0x9b, + 0xe9, 0xfa, 0x83, 0xfa, 0x82, 0x43, 0x9e, 0x12, 0x3b, 0x92, 0x77, 0xb9, 0x21, 0xb2, 0x61, 0xc8, + 0x75, 0x54, 0xc9, 0x94, 0x51, 0x6e, 0x3b, 0xcc, 0x4c, 0x33, 0x24, 0x01, 0xb1, 0x97, 0xa0, 0xae, + 0x0e, 0x36, 0xa4, 0xa1, 0x6a, 0xe5, 0x1b, 0xaa, 0x03, 0x65, 0xdc, 0x35, 0xd6, 0xbe, 0xf9, 0xdd, + 0xa7, 0xde, 0xf1, 0xfb, 0xdf, 0x7d, 0xea, 0x1d, 0x7f, 0xf4, 0xdd, 0xa7, 0xde, 0xf1, 0x89, 0xbd, + 0xa7, 0xac, 0x6f, 0xee, 0x3d, 0x65, 0xfd, 0xfe, 0xde, 0x53, 0xd6, 0x1f, 0xed, 0x3d, 0x65, 0x7d, + 0x67, 0xef, 0x29, 0xeb, 0x8b, 0xff, 0xfe, 0xa9, 0x77, 0xbc, 0x96, 0x1b, 0xf9, 0x47, 0x7f, 0x3c, + 0xef, 0x36, 0xa7, 0xb6, 0x2e, 0xb1, 0xe0, 0x33, 0xba, 0xbc, 0xa6, 0x8c, 0x39, 0x35, 0x25, 0x97, + 0xd7, 0xff, 0x0d, 0x00, 0x00, 0xff, 0xff, 0x22, 0xdf, 0x41, 0x72, 0xd5, 0xd9, 0x00, 0x00, } func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) { @@ -13036,6 +13037,16 @@ func (m *SCMProviderGeneratorGitlab) MarshalToSizedBuffer(dAtA []byte) (int, err _ = i var l int _ = l + if m.IncludeSharedProjects != nil { + i-- + if *m.IncludeSharedProjects { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x38 + } i-- if m.Insecure { dAtA[i] = 1 @@ -16873,6 +16884,9 @@ func (m *SCMProviderGeneratorGitlab) Size() (n int) { } n += 2 n += 2 + if m.IncludeSharedProjects != nil { + n += 2 + } return n } @@ -19444,6 +19458,7 @@ func (this *SCMProviderGeneratorGitlab) String() string { `TokenRef:` + strings.Replace(this.TokenRef.String(), "SecretRef", "SecretRef", 1) + `,`, `AllBranches:` + fmt.Sprintf("%v", this.AllBranches) + `,`, `Insecure:` + fmt.Sprintf("%v", this.Insecure) + `,`, + `IncludeSharedProjects:` + valueToStringGenerated(this.IncludeSharedProjects) + `,`, `}`, }, "") return s @@ -46339,6 +46354,27 @@ func (m *SCMProviderGeneratorGitlab) Unmarshal(dAtA []byte) error { } } m.Insecure = bool(v != 0) + case 7: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field IncludeSharedProjects", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + b := bool(v != 0) + m.IncludeSharedProjects = &b default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index 7c85b0a729e7d..7291baf390a11 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -2032,6 +2032,9 @@ message SCMProviderGeneratorGitlab { // Skips validating the SCM provider's TLS certificate - useful for self-signed certificates.; default: false optional bool insecure = 6; + + // When recursing through subgroups, also include shared Projects (true) or scan only the subgroups under same path (false). Defaults to "true" + optional bool includeSharedProjects = 7; } // Utility struct for a reference to a secret key. diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go index df5cd44622a5c..9acb42e4e732c 100644 --- a/pkg/apis/application/v1alpha1/openapi_generated.go +++ b/pkg/apis/application/v1alpha1/openapi_generated.go @@ -6949,6 +6949,13 @@ func schema_pkg_apis_application_v1alpha1_SCMProviderGeneratorGitlab(ref common. Format: "", }, }, + "includeSharedProjects": { + SchemaProps: spec.SchemaProps{ + Description: "When recursing through subgroups, also include shared Projects (true) or scan only the subgroups under same path (false). Defaults to \"true\"", + Type: []string{"boolean"}, + Format: "", + }, + }, }, Required: []string{"group"}, }, diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index 8d10b219f0be0..79b97e330ad09 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go @@ -3799,6 +3799,11 @@ func (in *SCMProviderGeneratorGitlab) DeepCopyInto(out *SCMProviderGeneratorGitl *out = new(SecretRef) **out = **in } + if in.IncludeSharedProjects != nil { + in, out := &in.IncludeSharedProjects, &out.IncludeSharedProjects + *out = new(bool) + **out = **in + } return } From 389cf7521de83bdd70d18ea33d1d4e233d6a5382 Mon Sep 17 00:00:00 2001 From: Ashin Sabu <139749674+ashinsabu3@users.noreply.github.com> Date: Tue, 8 Aug 2023 21:00:41 +0530 Subject: [PATCH 100/105] fix(cmp): send sigterm to cmp commands before sigkill to allow for potential cleanup (#9180) (#14955) * fix: send sigterm to cmp commands before sigkill to allow for potential cleanup Signed-off-by: Ashin Sabu * fix: unit test for runCommand in cmpserver to test cleanup modified Signed-off-by: Ashin Sabu * fix: change unit test for plugin/runCommand to avoid bad trap along with lint fix Signed-off-by: Ashin Sabu --------- Signed-off-by: Ashin Sabu --- cmpserver/plugin/plugin.go | 8 ++++++++ cmpserver/plugin/plugin_test.go | 22 ++++++++++++++++++++++ cmpserver/plugin/plugin_unix.go | 4 ++++ 3 files changed, 34 insertions(+) diff --git a/cmpserver/plugin/plugin.go b/cmpserver/plugin/plugin.go index ca67ccecf214a..f03b73f24dcf6 100644 --- a/cmpserver/plugin/plugin.go +++ b/cmpserver/plugin/plugin.go @@ -97,6 +97,14 @@ func runCommand(ctx context.Context, command Command, path string, env []string) <-ctx.Done() // Kill by group ID to make sure child processes are killed. The - tells `kill` that it's a group ID. // Since we didn't set Pgid in SysProcAttr, the group ID is the same as the process ID. https://pkg.go.dev/syscall#SysProcAttr + + // Sending a TERM signal first to allow any potential cleanup if needed, and then sending a KILL signal + _ = sysCallTerm(-cmd.Process.Pid) + + // modify cleanup timeout to allow process to cleanup + cleanupTimeout := 5 * time.Second + time.Sleep(cleanupTimeout) + _ = sysCallKill(-cmd.Process.Pid) }() diff --git a/cmpserver/plugin/plugin_test.go b/cmpserver/plugin/plugin_test.go index 936a38caba934..b253dc414cbdc 100644 --- a/cmpserver/plugin/plugin_test.go +++ b/cmpserver/plugin/plugin_test.go @@ -369,6 +369,28 @@ func TestRunCommandEmptyCommand(t *testing.T) { assert.ErrorContains(t, err, "Command is empty") } +// TestRunCommandContextTimeoutWithGracefulTermination makes sure that the process is given enough time to cleanup before sending SIGKILL. +func TestRunCommandContextTimeoutWithCleanup(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), 900*time.Millisecond) + defer cancel() + + // Use a subshell so there's a child command. + // This command sleeps for 4 seconds which is currently less than the 5 second delay between SIGTERM and SIGKILL signal and then exits successfully. + command := Command{ + Command: []string{"sh", "-c"}, + Args: []string{`(trap 'echo "cleanup completed"; exit' TERM; sleep 4)`}, + } + + before := time.Now() + output, err := runCommand(ctx, command, "", []string{}) + after := time.Now() + + assert.Error(t, err) // The command should time out, causing an error. + assert.Less(t, after.Sub(before), 1*time.Second) + // The command should still have completed the cleanup after termination. + assert.Contains(t, output, "cleanup completed") +} + func Test_getParametersAnnouncement_empty_command(t *testing.T) { staticYAML := ` - name: static-a diff --git a/cmpserver/plugin/plugin_unix.go b/cmpserver/plugin/plugin_unix.go index a9dc157bc7ef8..ea6b7b5493910 100644 --- a/cmpserver/plugin/plugin_unix.go +++ b/cmpserver/plugin/plugin_unix.go @@ -14,3 +14,7 @@ func newSysProcAttr(setpgid bool) *syscall.SysProcAttr { func sysCallKill(pid int) error { return syscall.Kill(pid, syscall.SIGKILL) } + +func sysCallTerm(pid int) error { + return syscall.Kill(pid, syscall.SIGTERM) +} From ee3719cb54410665e6cfad88b3cbd3ddd70953a5 Mon Sep 17 00:00:00 2001 From: Dan Garfield Date: Wed, 9 Aug 2023 07:48:23 -0600 Subject: [PATCH 101/105] docs: Feature bounty proposal (Experimental) (#14234) * Create bounty proposal Signed-off-by: Dan Garfield * Update docs/proposals/feature-bounties.md Signed-off-by: Dan Garfield Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Dan Garfield * Update docs/proposals/feature-bounties.md Signed-off-by: Dan Garfield Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Dan Garfield * Update docs/proposals/feature-bounties.md Signed-off-by: Dan Garfield * Update docs/proposals/feature-bounties.md Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Update docs/proposals/feature-bounties.md Signed-off-by: Dan Garfield Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Dan Garfield * Update docs/proposals/feature-bounties.md Signed-off-by: Dan Garfield * Update docs/proposals/feature-bounties.md Signed-off-by: Dan Garfield --------- Signed-off-by: Dan Garfield Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- docs/proposals/feature-bounties.md | 49 ++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 docs/proposals/feature-bounties.md diff --git a/docs/proposals/feature-bounties.md b/docs/proposals/feature-bounties.md new file mode 100644 index 0000000000000..a3b978bf0becb --- /dev/null +++ b/docs/proposals/feature-bounties.md @@ -0,0 +1,49 @@ +--- +title: Offering Feature Bounties (Experimental) +authors: + - "@crenshaw-dev" + - "@todaywasawesome" +sponsors: + - "@jannfis" +reviewers: + - TBD +approvers: + - TBD + +creation-date: 2023-06-27 +--- +# Offering Feature Bounties (Experimental) + +## Summary +We'd like to have the ability to offer monetary rewards for significant features to be added to Argo. + +## Motivation +The Argo Project is driven by community contributions and in shared trust with maintainer companies. Sometimes there are important features worth investing in that represent substantial work and are tougher, or take longer to implement. + +By providing a financial incentive, we can spur additional development from the community and indepdent contributors. + +## Proposal +Add the ability to mark a proposal with a bounty and a specific amount. When a PR is successfully merged, release payment to the PR author(s). + +This proposal is experimental, meaning after trying a single bounty, we will review as a project and decide if we would like to continue this program. Accepting this proposal only constitutes the program for a single bounty as an experiment. + +### Guidelines and Rules + +#### Creating a Bounty +A bounty is a special proposal created under `docs/proposals/feature-bounties`. +* A bounty proposal may only be created by an existing Argo maintainer. +* The proposal document must be reviewed in regular maintainer meetings and an invitation for feedback will provide 7-days to comment. +* Bounty should have approval with [lazy-consensus](https://community.apache.org/committers/lazyConsensus.html) +* Once a bounty is created, they must be honored. +* Bounty progress will be tracked in a GitHub issue linked in the proposal. +* Creating a bounty requires the funds be available and not already committed elsewhere. + +#### Claiming a Bounty +* Argo will pay out bounties once a pull request implementing the requested features/changes/fixes is merged. +* A bounty is limited to a single successful PR. +* Those interested in working on the bounty are encouraged to comment on the issue, and users may team up to split a bounty if they prefer but collaboration is not required and users should not shame eachother for their preferences to work alone or together. +* A comment of interest does not constitute a claim and will not be treated as such. +* The first pull request submitted that is ready for merge will be reviewed by maintainers. Maintainers will also consider any competing pull requests submitted within 24-hours. We expect this will be a very rare circumstance. If multiple, high-quality, merge ready pull requests are submitted, 3-5 Approvers for the sub-project will vote to decide the final pull request merged. + +### Funding +The Argo Project has a small amount of funds from HackerOne bounties that can provide for a few feature bounties. \ No newline at end of file From e7ad4fbc04d2d868379e1a0e742afba0c3ee4bfb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micka=C3=ABl=20Can=C3=A9vet?= Date: Wed, 9 Aug 2023 16:02:31 +0200 Subject: [PATCH 102/105] fix(actions): check if CronWorkflow has labels in create-workflow action (#14962) (#14974) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mickaël Canévet --- .../CronWorkflow/actions/action_test.yaml | 3 ++ .../actions/create-workflow/action.lua | 2 +- .../testdata/cronworkflow-without-label.yaml | 31 +++++++++++++++++++ .../testdata/workflow-without-label.yaml | 26 ++++++++++++++++ 4 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 resource_customizations/argoproj.io/CronWorkflow/actions/testdata/cronworkflow-without-label.yaml create mode 100644 resource_customizations/argoproj.io/CronWorkflow/actions/testdata/workflow-without-label.yaml diff --git a/resource_customizations/argoproj.io/CronWorkflow/actions/action_test.yaml b/resource_customizations/argoproj.io/CronWorkflow/actions/action_test.yaml index 4c7aa77ff127a..7fce1c3b36cf6 100644 --- a/resource_customizations/argoproj.io/CronWorkflow/actions/action_test.yaml +++ b/resource_customizations/argoproj.io/CronWorkflow/actions/action_test.yaml @@ -2,3 +2,6 @@ actionTests: - action: create-workflow inputPath: testdata/cronworkflow.yaml expectedOutputPath: testdata/workflow.yaml +- action: create-workflow + inputPath: testdata/cronworkflow-without-label.yaml + expectedOutputPath: testdata/workflow-without-label.yaml diff --git a/resource_customizations/argoproj.io/CronWorkflow/actions/create-workflow/action.lua b/resource_customizations/argoproj.io/CronWorkflow/actions/create-workflow/action.lua index 35f7a66b80413..85470525b60b2 100644 --- a/resource_customizations/argoproj.io/CronWorkflow/actions/create-workflow/action.lua +++ b/resource_customizations/argoproj.io/CronWorkflow/actions/create-workflow/action.lua @@ -50,7 +50,7 @@ if (obj.spec.workflowMetadata ~= nil) then end end workflow.metadata.labels["workflows.argoproj.io/cron-workflow"] = obj.metadata.name -if (obj.metadata.labels["workflows.argoproj.io/controller-instanceid"] ~= nil) then +if (obj.metadata.labels ~= nil and obj.metadata.labels["workflows.argoproj.io/controller-instanceid"] ~= nil) then workflow.metadata.labels["workflows.argoproj.io/controller-instanceid"] = obj.metadata.labels["workflows.argoproj.io/controller-instanceid"] end workflow.metadata.annotations["workflows.argoproj.io/scheduled-time"] = os.date("!%Y-%m-%dT%d:%H:%MZ") diff --git a/resource_customizations/argoproj.io/CronWorkflow/actions/testdata/cronworkflow-without-label.yaml b/resource_customizations/argoproj.io/CronWorkflow/actions/testdata/cronworkflow-without-label.yaml new file mode 100644 index 0000000000000..a9f9e2ed8d5c0 --- /dev/null +++ b/resource_customizations/argoproj.io/CronWorkflow/actions/testdata/cronworkflow-without-label.yaml @@ -0,0 +1,31 @@ +apiVersion: argoproj.io/v1alpha1 +kind: CronWorkflow +metadata: + annotations: + cronworkflows.argoproj.io/last-used-schedule: CRON_TZ=America/Los_Angeles * * * * * + name: hello-world + namespace: default +spec: + concurrencyPolicy: Replace + failedJobsHistoryLimit: 4 + schedule: '* * * * *' + startingDeadlineSeconds: 0 + successfulJobsHistoryLimit: 4 + suspend: true + timezone: America/Los_Angeles + workflowSpec: + entrypoint: whalesay + templates: + - container: + args: + - "\U0001F553 hello world. Scheduled on: {{workflow.scheduledTime}}" + command: + - cowsay + image: 'docker/whalesay:latest' + name: whalesay + workflowMetadata: + labels: + example: test + annotations: + another-example: another-test + finalizers: [test-finalizer] diff --git a/resource_customizations/argoproj.io/CronWorkflow/actions/testdata/workflow-without-label.yaml b/resource_customizations/argoproj.io/CronWorkflow/actions/testdata/workflow-without-label.yaml new file mode 100644 index 0000000000000..1d20bc0d72a6a --- /dev/null +++ b/resource_customizations/argoproj.io/CronWorkflow/actions/testdata/workflow-without-label.yaml @@ -0,0 +1,26 @@ +- k8sOperation: create + unstructuredObj: + apiVersion: argoproj.io/v1alpha1 + kind: Workflow + metadata: + annotations: + another-example: another-test + labels: + example: test + name: hello-world-202306221736 + namespace: default + ownerReferences: + - apiVersion: argoproj.io/v1alpha1 + kind: CronWorkflow + name: hello-world + finalizers: [test-finalizer] + spec: + entrypoint: whalesay + templates: + - container: + args: + - "\U0001F553 hello world. Scheduled on: {{workflow.scheduledTime}}" + command: + - cowsay + image: 'docker/whalesay:latest' + name: whalesay From 76f5cd3c1a3030d7c9b5662c20f4282d856173b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micka=C3=ABl=20Can=C3=A9vet?= Date: Wed, 9 Aug 2023 16:03:35 +0200 Subject: [PATCH 103/105] chore: add Jellysmack in USERS.md (#14975) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mickaël Canévet --- USERS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/USERS.md b/USERS.md index 7fef7908ce35a..67c1ff51e4702 100644 --- a/USERS.md +++ b/USERS.md @@ -128,6 +128,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Info Support](https://www.infosupport.com/) 1. [InsideBoard](https://www.insideboard.com) 1. [Intuit](https://www.intuit.com/) +1. [Jellysmack](https://www.jellysmack.com) 1. [Joblift](https://joblift.com/) 1. [JovianX](https://www.jovianx.com/) 1. [Kaltura](https://corp.kaltura.com/) From 83e4bff8f781583fb619fbb77a25c45cfc962df4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 9 Aug 2023 10:11:12 -0400 Subject: [PATCH 104/105] chore(deps): bump actions/setup-go from 4.0.1 to 4.1.0 (#14970) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.0.1 to 4.1.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/fac708d6674e30b6ba41289acaab6d4b75aa0753...93397bea11091df50f3d7e59dc26a7711a8bcfbe) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-build.yaml | 14 +++++++------- .github/workflows/image-reuse.yaml | 2 +- .github/workflows/release.yaml | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 43afc73bcb24c..ca82fa060b0c1 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -30,7 +30,7 @@ jobs: - name: Checkout code uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Download all Go modules @@ -48,7 +48,7 @@ jobs: - name: Checkout code uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Restore go build cache @@ -72,7 +72,7 @@ jobs: - name: Checkout code uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Run golangci-lint @@ -97,7 +97,7 @@ jobs: - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Install required packages @@ -164,7 +164,7 @@ jobs: - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Install required packages @@ -217,7 +217,7 @@ jobs: - name: Checkout code uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Create symlink in GOPATH @@ -381,7 +381,7 @@ jobs: - name: Checkout code uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: GH actions workaround - Kill XSP4 process diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml index 3c7389af9e203..a0a62669fc5b1 100644 --- a/.github/workflows/image-reuse.yaml +++ b/.github/workflows/image-reuse.yaml @@ -69,7 +69,7 @@ jobs: if: ${{ github.ref_type != 'tag'}} - name: Setup Golang - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: ${{ inputs.go-version }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 4848a6dfa4605..c2db4b531649d 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -77,7 +77,7 @@ jobs: fi - name: Setup Golang - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} @@ -145,7 +145,7 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} - name: Setup Golang - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: ${{ env.GOLANG_VERSION }} From 20a1649afb3472c035faf3ae80e8c1287b069250 Mon Sep 17 00:00:00 2001 From: Andrew Block Date: Wed, 9 Aug 2023 16:19:49 +0200 Subject: [PATCH 105/105] docs: Adding native OCI support proposal (#13516) Signed-off-by: Andrew Block Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- docs/proposals/native-ocp-support.md | 135 +++++++++++++++++++++++++++ 1 file changed, 135 insertions(+) create mode 100644 docs/proposals/native-ocp-support.md diff --git a/docs/proposals/native-ocp-support.md b/docs/proposals/native-ocp-support.md new file mode 100644 index 0000000000000..64918fde8904e --- /dev/null +++ b/docs/proposals/native-ocp-support.md @@ -0,0 +1,135 @@ +--- +title: Argo CD first-class OCI support +authors: + - "@sabre1041" + - "@crenshaw-dev" + - "@todaywasawesome" + +sponsors: + - TBD +reviewers: + - "@alexmt" +approvers: + - "@alexmt" + +creation-date: 2023-05-09 +--- + +# Argo CD first-class OCI support + +Storing and retrieving manifests within in OCI registries + +## Summary + +Currently, Argo CD supports obtaining manifests from either a Git repository, a Helm chart repository, or a Helm chart stored within an OCI registry. Given that OCI registries are more frequently being used to store content aside from container images, introduce a mechanism for storing and retrieving manifests that can be used by any of the existing supported tools in any of the supported methods of representing assets that are to be applied to a Kubernetes environment. + + +## Motivation + +The industry is seeing a rapid adoption of OCI Artifacts as a method for storing and retrieving content. Adding support for sourcing resources stored in OCI artifacts not only provides immediate benefits, but opens up additional possible integrations in the future. + +**Dependency Reduction** + + At the present time, a user must have access to either a Git repository, or a remote Helm chart repository. Most users or enterprise organizations already have access to an OCI registry as it represents the primary source of image related content within a Kubernetes environment. By sourcing assets from OCI registries, no additional infrastructure is required in order to store a variety of content types simplifying the set of requirements in order to begin to fully leverage the capabilities of Argo CD. + +**Market Relevance** + +Argo CD continues to be one of the most popular GitOps tools in the industry. As the industry continues to evolve, other tools within the GitOps market have already began to adopt OCI artifacts as a source for storing and retrieving GitOps resources. + +### Goals + +* Enable the retrieval of resources stored as artifacts in OCI registries that are formatted in any of the supported options (Kustomize, Jsonnet, Helm, plain-manifest, CMPs, etc) +* Define a format for storing resources that can be processed by Argo CD as an OCI artifact including the composition and [Media Type(s)](https://github.com/opencontainers/image-spec/blob/main/media-types.md) +* Support the retrieval of artifacts from OCI registries using custom / self signed TLS certificates. +* Support the retrieval of artifacts from OCI registries requiring authentication. + +### Non-Goals + +* CLI Integration to package and publish resources in a format for storage in an OCI registry +* Attach metadata to OCI artifact manifest to provide additional details related to the content (such as original Git source [URL, revision]) + +## Proposal + +This is where we get down to details of what the proposal is about. + +### Use cases + +Add a list of detailed use cases this enhancement intends to take care of. + +#### Publishing and retrieval of content from OCI registries: + +As a user, I would like to make use of content that is represented by any of the supported options (Kustomize, Jsonnet, Helm, plain-manifest, etc) or those that could be consumed using a Config Management Plugin from an OCI registry. + +#### Authenticating to OCI registries: + +As a user, I would like to enforce proper security controls by requiring authentication to an OCI registry and configure Argo CD to be able to interact with this registry. + +#### CLI Integration: + +As a user, I would like the ability to produce, store and retrieve resources (pull/push) in a OCI registry using the Argo CD CLI. + +### Implementation Details/Notes/Constraints + +The Argo CD repo-server currently maintains two types of clients - Helm and git. By adding a third client, and invoking it in the same places as the other two, we can support OCI artifacts. + +It seems likely that we should create a new, common interface to represent all three clients. Then we can instantiate the client we need, toggling on whatever value in the repo config determines what kind of repo we're fetching from. + +#### Format of OCI Artifact + +An OCI artifact can contain any type of binary content. It is important that the content be formatted in a manner that can be consumed by Argo CD. + +#### Content + +Resources that is consumed by Argo CD can be represented by a series of files and folders. To be stored within an OCI artifact, these assets are stored within a compressed tar archive (.tar.gz) OCI layer. The [OCI Image Specification](https://specs.opencontainers.org/image-spec/) allows for metadata to be added through the use of annotations to provide attribute based details describing the included content. This level of detail is important as it satisfies many of the existing capabilities of Argo CD for tracking content, such as Git repository URL, branch name/revision. + + +#### Media Types + +The [OCI Image Specification](https://specs.opencontainers.org/image-spec/) makes extensive use of Media Types to identity the format of content. To provide not only a way that signifies the content of the OCI artifact contains Argo CD manifests, but to define the structure of the content. An understanding of the composition and requirements enable a broad ecosystem of tooling that can be used to produce and consume Argo CD resources within OCI registries. + +Two new Media Types will be used for this purpose as defined below: + +* `application/vnd.cncf.argoproj.argocd.content.v1.tar+gzip` - Primary asset stored within the OCI artifact containing a gzip compressed tar archive of Argo CD resources. Further details are outlined in the prior section. +* `application/vnd.cncf.argoproj.argocd.config.v1+json` - An [OCI Image Configuration](https://specs.opencontainers.org/image-spec/config/) + + +### Detailed examples + + +### Security Considerations + +The direct integration with an external endpoint from the core subsystem of Argo CD introduces several considerations as it relates to security. It is worthy to note that Argo CD currently does support sourcing Helm charts that are stored within OCI registries. However, this interaction is performed by Helm and its underlying library, [ORAS](https://oras.land), and not Argo CD itself. Capabilities included within this proposal can make use of the same libraries to facilitate the interaction. + +#### Credentials + +Security controls may be enforced within the OCI registry to enforce that clients authenticate. The introduction of additional mechanisms to authenticate against target systems is outside the scope of this proposal. However, an integration with existing capabilities and features, such as sourcing from _repository_ credentials is required. + + +### Risks and Mitigation's + +#### Overlap with existing Helm OCI integration + +Argo CD already includes support for sourcing Helm Charts from OCI registries and the retrieval is delegated to functionality provided by Helm. Considerations must be taken into account to determine whether the intent by the end user is to consume an OCI artifact containing Argo CD related resources or a Helm chart. One such method for addressing this concern is to inspect the `mediaType` of the OCI artifact. + + +### Upgrade / Downgrade Strategy + +If applicable, how will the component be upgraded and downgraded? Make sure this is in the test +plan. + +Consider the following in developing an upgrade/downgrade strategy for this enhancement: + +- What changes (in invocations, configurations, API use, etc.) is an existing cluster required to + make on upgrade in order to keep previous behavior? +- What changes (in invocations, configurations, API use, etc.) is an existing cluster required to + make on upgrade in order to make use of the enhancement? + +## Drawbacks + +* Sourcing content from an OCI registry may be perceived to be against GitOps principles as content is not sourced from a Git repository. This concern could be mitigated by attaching additional details related to the content (such as original Git source [URL, revision]). Though it should be noted that the GitOps principles only require a source of truth to be visioned and immutable which OCI registires support. + +## Alternatives + +### Config Management Plugin + +Content stored within OCI artifacts could be sourced using a Config Management Plugin which would not require changes to the core capabilities provided by Argo CD. However, this would be hacky and not represent itself within the Argo CD UI. \ No newline at end of file